Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2008-01-04T01:00:00
Updated: 2017-08-07T12:57:01
Reserved: 2008-01-03T00:00:00
Link: CVE-2007-6640
JSON object: View
NVD Information
Status : Modified
Published: 2008-01-04T01:46:00.000
Modified: 2017-08-08T01:29:16.460
Link: CVE-2007-6640
JSON object: View
Redhat Information
No data.
CWE