Though not strictly related to PHP, I know that a lot of the developers out there use this script, so I wanted to share a rather large security concern for users of the Greasemonkey extension for Firefox.

From Open Sourcery:

The maker of Greasemonkey, a popular extension for power users of the Firefox browser, has posted a warning of a serious security vulnerability in the current release. This vulnerability can potentially give access to any and all files stored on a system running the Greasemonkey extension in Firefox.

The Greasemonkey extension provides the facility to install and run scripts either associated with particular sites, or with all sites on the Internet. These scripts use standard JavaScript features and syntax, but the extension also provides a set of extended functions that are available to user scripts. These functions are the source of the security hole.

He details some of the issues surrounding this vulnerability, including the largest concern, the GM_xmlhttpRequest function - making it possible for scripts to make GET/POST requests to *any* remote URL.

They have posted a new version of the script in the meantime, with removes all support for the extended functions for the time being. They are working on a more permenant solution...