CVE-2007-6640

Creammonkey (0.9–1.1) and GreaseKit (1.2–1.3) expose dangerous user-scripting APIs (GM_addStyle, GM_log, GM_openInTab, GM_setValue, GM_getValue, GM_xmlhttpRequest) to web pages, allowing a remote attacker to read/modify configuration or trigger HTTP requests from a page hosting a userscript. The ...