PT-2005-3364 · None · Greasemonkey
Mark Pilgrim · Published 2005-08-04 · Updated 2017-07-11 · CVE-2005-2455
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Greasemonkey versions prior to 0.3.5
Description
The issue allows remote web servers to read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function. It also enables listing installed scripts using GM_scripts, and obtaining sensitive information via the GM_setValue and GM_getValue functions.
Recommendations
For versions prior to 0.3.5, update to version 0.3.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the GM_xmlhttpRequest function and limiting access to GM_scripts and the GM_setValue and GM_getValue functions until the update is applied.
Exploit
Fix
Related identifiers
Affected products
Greasemonkey