While Firefox may be more secure than Internet Explorer, it’s having its own share of security woes. The latest involves an add-in named GreaseMonkey. It comes less than a week after the last security patch. In this case, the add-in causes a security hole in Firefox that allows outsiders to control the computer.

Reaction from Mozilla was quick and the add-in has been pulled and patched to remove the danger. Dawn Kawamoto of CNET News writes:

The Mozilla Foundation is making available an update for a critical security flaw in Greasemonkey, an extension to the Firefox browser.

Greasemonkey is a popular add-on used to customize the design and behavior of Web pages. The flaw could let attackers read any file on a user’s local hard drive and list the contents of local directories. The update, Greasemonkey 0.3.5, was released Monday, according to the download page on the Mozilla Foundation’s Web site. The Mozilla Foundation coordinates Firefox development and marketing.

The flaw affects versions of Greasemonkey prior to 0.3.5, including early 0.4 alphas, according to a posting on Mozdev.org, a site where developers post applications and add-ons.

[Continue reading Firefox add-on Greasemonkey slips up]

[tags]firefox,mozilla,greasemonkey[/tags]