CVE-2007-6640

Name of the Vulnerable Software and Affected Versions Creammonkey versions 0.9 through 1.1 GreaseKit versions 1.2 through 1.3

Description The issue allows remote attackers to access and manipulate sensitive functions within a web page where a userscript is configured. This can lead to reading the configuration, modifying the configuration, or sending an HTTP request via specific functions, including (1) GM addStyle, (2) GM log, (3) GM openInTab, (4) GM setValue, (5) GM getValue, or (6) GM xmlhttpRequest.

Recommendations For Creammonkey versions 0.9 through 1.1, consider disabling the GM addStyle, GM log, GM openInTab, GM setValue, GM getValue, and GM xmlhttpRequest functions until a patch is available. For GreaseKit versions 1.2 through 1.3, restrict access to the functions GM addStyle, GM log, GM openInTab, GM setValue, GM getValue, and GM xmlhttpRequest to minimize the risk of exploitation.