The Mozilla Foundation is making available an update for a critical security flaw in Greasemonkey, an extension to the Firefox browser.
Greasemonkey is a popular add-on used to customize the design and behavior of Web pages. The flaw could let attackers read any file on a users local hard drive and list the contents of local directories. The update, Greasemonkey 0.3.5, was released Monday, according to the download page on the Mozilla Foundations Web site. The Mozilla Foundation coordinates Firefox development and marketing.
The flaw affects versions of Greasemonkey prior to 0.3.5, including early 0.4 alphas, according to a posting on Mozdev.org, a site where developers post applications and add-ons. People who switch to version 0.3.5, however, will find it lacks the so-called GM* APIs, which are designed to make Greasemonkey more powerful than HTML, according to Greaseblog, a blog devoted to the extension.
News source: C|Net News.com