CVE-2007-6640 Information

Description

Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 do not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured.

Reference

http://8-p.info/greasekit/vuln/20071226-en.html
http://osvdb.org/42819
http://secunia.com/advisories/28241
https://exchange.xforce.ibmcloud.com/vulnerabilities/39272
