GreaseKit and Creammonkey are plugins that enable user scripting to Safari and other Apple Webkit applications, and they provide APIs callable only from userscripts.
GreaseKit and Creammonkey are vulnerable in allowing APIs called from a web page.
When a user views a specially crafted web page, a remote attacker can read or modify the configuration, or send HTTP requests to arbitrary websites via the above functions, within the web page on which a userscript is configured to run.
Update the Software
Apply the latest update provided by the developer.
If you use Creammonkey, we recommend that you upgrade to the latest version of its successor GreaseKit, available from the developer's website.
## Products Affected