According to Greaseblog:
The flaw allows any website which matches at least one user script (even * scripts) to read any local file on your machine, or to list the contents of local directories. The flaw applies to Greasemonkey on all platforms.
If you’re using Greasemonkey, immediately uninstall or disable it, or update to version 0.3.5 (which will break any userscript that relies on XML over HTTP requests, like amazon2melvyl).
Sometime around Valentine’s Day of this year, intermediation blew up:
Update, 4/7/05: The link above used to show a nice graph, which you can still see if you follow the link. I linked directly to the graph image as a kind of experiment to see whether BlogPulse enabled such a thing. Unfortunately, it looks like the graph images are only generated temporarily and the image files disappear after a few days. Too bad–allowing deep linking to their graphs would be a great way to spread word. After all, they have their name and copyright clearly embedded in the image.
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Dec | ||||||
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 | ||||||
Powered by WordPress
