
Mark Pilgrim

#49277 of 53,635
5 CVSS total
Vulnerabilities · 1
PT-2005-3364
5.0
2005-08-04
None · Greasemonkey · CVE-2005-2455
**Name of the Vulnerable Software and Affected Versions**
Greasemonkey versions prior to 0.3.5

**Description**
The issue allows remote web servers to read arbitrary files via a GET request to a file:// URL in the `GM_xmlhttpRequest` API function. It also enables listing installed scripts using `GM_scripts`, and obtaining sensitive information via the `GM_setValue` and `GM_getValue` functions.

**Recommendations**
For versions prior to 0.3.5, update to version 0.3.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `GM_xmlhttpRequest` function and limiting access to the `GM_scripts`, `GM_setValue`, and `GM_getValue` functions until the update is applied.