Here is the post that got my attention on UserScripts.org:

Someone has been attempting to post scripts that steal cookies. Thanks to several alert us.o citizens (including davey, descriptor, loucypher, joel h, pogue) we have been able to note that the script is malicious and then delete them.

I’m putting up a banner to warn people that newly uploaded/updated scripts should be put under extra scrutiny.

I’ve also decreased the cache duration of rss feeds to 10 minutes, so if you keep an eye on http://userscripts.org/feeds/recent_scripts it will be a lot fresher than normal (it was cached for an hour)

So yes, everybody should be extra careful when downloading scripts like this – even if it is from a trusted source. I am happy to see the UserScripts.org team moved so quickly on this though. That makes me feel a lot better about my continued use of their Firefox extension.

Need Help? Be sure to check out the Beginner’s Guide to Greasemonkey!

Here is the most interesting sample from the article in question.

“Similar to how Firefox 2 blocks Web sites that are potentially going to try to steal your personal information, Firefox 3 will block Web sites that we believe are going to try to install malicious programs on your computer,” said Alex Faaborg, a user experience designer in a blog entry last week. “Mozilla is coordinating with Google on this feature.”

So is it Firefox’s place to tell you where to go and where not to go? I think so. I think this is Mozilla trying to be proactive instead of being reactive.

The Symantec Internet Security Threat Report came out yesterday. Of all the metrics that they are using, number of vulnerabilities gets top billing. This is possibly because this concept is easiest for people to understand: Count up the number of bugs. Product with the least bugs is declared to be more secure. It is, of course, much more complex than that.

+ Read More About the Firefox/Symantec Security Brawling!