Security Bypass in Creammonkey and GreaseKit Affecting User Scripts
CVE-2007-6640

Currently unrated

Key Information:

Vendor

Sourceforge

Status
Creammonkey
Greasekit
Vendor
CVE Published:
4 January 2008

What is CVE-2007-6640?

Creammonkey versions 0.9 through 1.1 and GreaseKit versions 1.2 through 1.3 are susceptible to a security bypass vulnerability. This issue arises due to inadequate restrictions on accessing critical functions within userscripts, enabling remote attackers to manipulate or read user configurations. Specifically, functions like GM_addStyle, GM_log, GM_openInTab, GM_setValue, GM_getValue, and GM_xmlhttpRequest can be exploited, resulting in unauthorized actions on the web pages where userscripts are implemented. Users of these affected products should implement security measures to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://8-p.info/greasekit/vuln/20071226-en.html
x_refsource_CONFIRM
http://secunia.com/advisories/28241
third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/42819
vdb-entryx_refsource_OSVDB

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.