[WEB SECURITY] XSS caused by Greasemonkey userscript
Martin Johns
martin.johns at gmail.com
Fri Dec 29 09:11:50 EST 2006
Hello all,
I think we all agree that browser add-ons may lead to additional
vulnerabilities in web apps that would otherwise be secure. I had some
time at my hands and looked into a couple of Greasemonkey userscripts.
I found an example where a userscript introduces new XSS holes in
various web applications. If you are interested, here is a short
writeup: http://shampoo.antville.org/stories/1537256/
Best
Martin
--
Martin Johns
http://www.informatik.uni-hamburg.de/SVS/personnel/martin/index.php
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
More information about the websecurity
mailing list