Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2008-01-04T01:00:00
Updated: 2024-08-07T16:11:06.230Z
Reserved: 2008-01-03T00:00:00
Link: CVE-2007-6640
Vulnrichment
No data.
NVD
Status : Modified
Published: 2008-01-04T01:46:00.000
Modified: 2024-11-21T00:40:39.810
Link: CVE-2007-6640
Redhat
No data.