Greasespot: Mandatory Greasemonkey Update

Tuesday, July 19, 2005

Mandatory Greasemonkey Update

Yesterday, Mark Pilgrim discovered and announced a very serious security vulnerability in Greasemonkey. The flaw allows any website which matches at least one user script (even * scripts) to read any local file on your machine, or to list the contents of local directories. The flaw applies to Greasemonkey on all platforms.

I'm working feverishly on a fix for this. But this will take several days. In the meantime, I strongly recommend that everyone either install Greasemonkey 0.3.5, or else disable or uninstall Greasemonkey completely.

Greasemonkey 0.3.5 is a "neutered" version of Greasemonkey, lacking any of the GM* APIs which make Greasemonkey scripts more powerful than regular HTML. This means that scripts which depend on GM* APIs will fail with Greasemonkey 0.3.5.

I have heard no reports of this flaw being exploited, but now that it's public knowledge it isn't safe to continue using any version of Greasemonkey other than 0.3.5. Please either upgrade to 0.3.5 or disable Greasemonkey until I can get a fix finished.

I'm aware of how badly this sucks for many of you. Please accept my deepest personal apologies and realize that I'll do my best to get a fixed Greasemonkey available just as soon as possible.

If you have any other questions, the Greasemonkey mailing list is a good place to ask them.

74 comments:

mort said...: I'd say : bugs happen, Greasemonkey is truly awesome and a hint of the future and you shouldn't be apologizing. The bleeding edge of the web can cut :-)

I'll be looking forward for the fixed release. Thanks for your awesome and inspiring work.; 19 July, 2005 04:58
Karim said...: Dude,

S#!t happens! No need to apologize. We all know that this is bleeding edge + the good thing to know is that the distributed innovation model - works suprememly for bug catching!

Keep up the good work!; 19 July, 2005 07:29
Christopher said...: Man, you can't see every result of every permutation of every function of a powerful toolkit... You keep rocking, and we appreciate you also taking so much care of this bitchin device we all love!; 19 July, 2005 07:35
Kragen Sitaker said...: Good luck!; 19 July, 2005 07:47
Adam said...: Will it be possible for Greasemonkey to use the more powerful APIs only if the script came from the local drive?; 19 July, 2005 08:20
Anonymous said...: Could you explain a bit more as to what happens.
i.e. Does this happen on default or only cetain scripts that *leak* GM* API's? If so, how can we tell if a script leaks API's, and how do you prevent it?

Thanks.; 19 July, 2005 08:55
Anonymous said...: Does this happen whether one is running Windows or a Mac? I assume that makes no difference, but still I ask ....; 19 July, 2005 09:16
Anonymous said...: The exploit can happen on any page where a greasemonkey script is enabled. If you have a global GM script, then ANY web site out there can exploit the flaw by accessing the GM object. If you have only site-specific GM scripts, then only those allowed sites can exploit the flaw. If you trust those sites, then you are probably safe.; 19 July, 2005 09:21
Anonymous said...: YOU SUCK I GOT HACKED IN AND THEY STOLE MY FRIDGE.; 19 July, 2005 09:31
Anonymous said...: Question: the main site says that it affected EARLY betas of Greasemonkey 0.4. I'm however using the one from like two days ago, linked to here:

http://www.mozdev.org/pipermail/greasemonkey/2005-July/003962.html

I'm I still affected?

Thanks in advance.; 19 July, 2005 10:18
Anonymous said...: So how do I find out what version I'm running?; 19 July, 2005 11:13
chuck said...: Ugh. Sucks man. keep us posted re: the fix. I've only been using GreaseMonkey for a couple of weeks and this sure did make me realize how much I've been leaning on it.; 19 July, 2005 12:21
boogs said...: Regarding which 0.4's -- interpret "early versions" as all versions which exist right now. The one you have is afflicted. Sorry for the confusing language :-). I meant early as in, not even betas -- earlier than beta -- stuff that was floating around the mailing list.

You can find out what version you have by going to tools > extensions. It's next to the Greasemonkey title.; 19 July, 2005 12:52
Anonymous said...: firefox sux
extensions sux
go with the best
ms; 19 July, 2005 13:23
BlackTigerX said...: wellcome to the mases =o); 19 July, 2005 13:40
grnch said...: As far as I can see, it's only the GM_xmlhttpRequest API that is dangerous, and frankly, I don't see why it needs to be present, nor am I aware of any user scripts that use it. The existing XMLHttpRequest is all the scripts should need, why provide another less secure version?

Anyway, the point is, can't you remove just this API, instead of all of them?

Looks like you're over-reacting. Is there any way to exploit the other APIs that has not been mentioned? Please provide some more details.; 19 July, 2005 14:31
itub said...: The GM_xmlhttpRequest API is very useful and I have used it for my scripts. It allows you to mix content from different sites. The regular xmlhttpRequest has a same-origin policy, which limits its utility significatly.; 19 July, 2005 15:35
Jeremy Dunck said...: grnch,
Book Burro is a good example of a script using GM_xmlhttpRequest. There are more. Here are some:

http://bje.nu/download/greasemonkey/ljuserinfolastpost.user.js
http://brainoff.com/geocoder/gmaps.user.js
amazon2melvyl.user.js
annotate_google.user.js
bloglines.user.js
deliscrobbler.user.js
flick_batch.user.js
foaf-discovery.user.js
foxietb050430dus.user.js
gmaps.user.js
google_ad_prefetch.user.js
hattrick.user.js
hide-google-redirects.user.js
indiantimes.user.js
LibraryLookup.user.js
ljuserinfolastpost.user.js
mypipstag.user.js
riaa.user.js
http://greg.vario.us/software/foaf-discovery.user.js
http://hublog.hubmed.org/files/google_ad_prefetch.user.js
http://members.iinet.net.au/~lachiec/greasemonkey/flick_batch.user.js
http://persistent.info/greasemonkey/bloglines.user.js
http://ponderer.org/download/annotate_google.user.js
http://s89790145.onlinehome.us/code/greasemonkey/worldcatreal.user.js
http://sims.berkeley.edu/~ryanshaw/amazon2melvyl/amazon2melvyl.user.js
http://weblog.infoworld.com/udell/gems/LibraryLookup.user.js
http://www.cs.toronto.edu/~james/greasemonkey/hide-google-redirects.user.js

The usual xmlhttpRequest that's available is confined to requests on the same domain. GM_xmlhttpRequest allows requests to any domain, which allows cross-site integration and stuff like personal proxies and annotations. Think Google Search that you roll on your own there.

As for overreacting, not so. This is a very severe exploit. It was important that a version without the exploit be immediately available, and that it be distributed as widely as possible. Breaking scripts is a small thing compared to opening up local files.

Aaron's been working on a new version that fixes the exploit and keeps compatibility. Delaying a fix on this for even a day would have been negligent. 0.4 is coming soon, and we'll all be happier for it.; 19 July, 2005 15:39
Anonymous said...: Anyone who says that apologizing isn't necessary is simply an ass-kisser. To apologize is merely to admit fault--and how can he not?

Before the cry babies turn red, realize that I'm not criticizing the author. He did the right thing.

On the other hand, I am glad I never saw fit to use Greasemonkey!; 19 July, 2005 18:15
Curds said...: The problem is that GM_xmlhttprequest
can get at local files. That should
be simple to fix, right? IMHO that
should never have been allowed in
the first place.

Anyway, tis an unfortunate headline
on /.

Lookin forward to the next version.; 19 July, 2005 18:46
devMozilla said...: Thanks for the warning. The people of deviantART have been notified. *salute*; 19 July, 2005 19:30
Anonymous said...: We also use the GM_xmlhttpRequest API a lot inside our application, because of the single domain limitations of the xmlHttpRequest API.

It would be very sad to see this function removed from GM !
It needs to be fixed for the local files exploit, but its ability to do GET/POST from other domains is definitely a must-have!; 19 July, 2005 23:49
Jon C. said...: Curious, but are GM user scripts injected into a webpage any differently than bookmarklets?? Wser scripts and bookmarklets both seem to share a common trait of acting on a webpage's content but also being able to access functionality not available to the webpage. In the case of user scripts it's the GM_ functions, in the case of bookmarklets it's access to chrome urls. If the two are implemented differently, then perhaps the user scripts should be implemented more like bookmarklets. Just a thought, I don't know what's going on under the hood.

Good Luck on the patch. Losing the GM_ special functions for now is no big deal, most of the script I use do not need them, and those that do more than likely are suffering from feature bloat anyways :) Back to the basics of what GM was all about.; 20 July, 2005 02:11
Mike said...: No worries. I've uninstalled it for now and can easily put it back when the time comes. I appreciate the effort you put into Greasemonkey and fixing major bugs.; 20 July, 2005 05:16
Hez said...: Keep up the great work, re the bug, well they happend. You've handled this exactly as you should!

Thanks!; 20 July, 2005 10:03
Islington said...: Amazing how much I got used to it!Without noticing I got used to surfing without ads(90% of the time, looking forward to the new version!; 20 July, 2005 20:34
Anonymous said...: Using the NoScript extension makes this GreaseMonkey vulnerability practically unexploitable. NoScript forbids all JavaScript activity happening in content (including GreaseMonkey user scripts and "rogue pages" that would attempt to exploit the GM_* API), except for URI that you explicitely flag as "trusted" (e.g. your web mail, your bank account or your preferred news site).; 21 July, 2005 00:45
Anonymous said...: No need to apologise! Keep rocking! If I wasn't so crap at Javascript I'd offer to lend a hand... but...; 21 July, 2005 02:21
grnch said...: itub & jeremy dunck: I didn't know about all those scripts, thanks for pointing them out. Still, there was a reason for limiting the original XMLHttpRequest to a single domain, which this debacle with GM_XMLHttpRequest finely illustrates.

Fixing it to reject requests for local files will not be enough, I'm affraid, because it could also be used to make requests to hosts on the LAN (inside the firewall), which can contain potentially sensitive information, and there is no easy way to determine which hosts should be considered local.

The only true fix would be to make the GM_* functions completely inaccessible to any javascript code coming from the net.

Also, to clarify, the overreaction I was referring to consisted in removing ALL the GM_* functions from 0.3.5, when only removing GM_xmlhttprequest would have sufficed. The other GM APIs don't seem vulnerable. Or am I missing something?; 21 July, 2005 03:39
Anonymous said...: I think any of the GM functions could be accessed by a website owner. So they could also potentially play with your greasemonkey settings using GM_setValue/_getValue.

Sure most scripts don't have anything sensitive in those areas, but it could be annonying if a malicious website owner set all our Greasemonkey script settings to something else. Or at least that's my understanding of it...; 21 July, 2005 05:54
halans said...: Flickr implemented a Greasemonkey vulnerability detection script on all their pages. How cool is that. Check it out. Others should/might do it also.; 21 July, 2005 06:42
Carlos Santos said...: GM_xmlhttprequest is a critical function we are using in our research for user interfaces.

We look forward to having the functionality restored as soon as possible! :) Pleeeaase!; 21 July, 2005 11:06
3ARRANO said...: Hi, I've translated Greasemonkey to Basque (Euskara). If you wish, I can send you the xpi in order to put it on your website. Please reply to 3arranoAT3arranoDOTcom.

Thanks; 21 July, 2005 11:35
Kevin Lamping said...: The sooner the fix the better... I'm getting tired of seeing such a sad little monkey face in my status bar... lol... all jokes aside thanks for being upfront with the problem rather than hiding behind it all. I'm not mentioning names or anything, *cough* IE *cough*.; 21 July, 2005 17:33
Anonymous said...: Anything worth doing is worth doing wrong till you can get it right. Greasemonkey is like that. I've put a remander to check everyday till your next shot. Thanks for your hard work a I'll be here, waiting.

D, AKA The Webster; 22 July, 2005 11:23
Anonymous said...: This incident is a very serious indication that Firefox is not really suitable for Corporate environments.

Mutchibara Nihonkawa,
Japan; 23 July, 2005 08:53
Anonymous said...: I am very hacked; 23 July, 2005 14:37
Anonymous said...: I would like to point out that corporate environments vendor choices suffer the same problems in the software development cycle as does Firefox. The key difference is, like in this case, there is the good ethics and morality present to do this kind of thing. I would much rather have bad news than to think everything is working while running a ticking time bomb... Thanks very much for doing the right thing and taking the high path.; 23 July, 2005 23:44
ro said...: On corporate environments you would most likely not have users installing scripts like greasemonkey. For crissakes there is a tiny minority that even bother to install extensions.; 25 July, 2005 01:20
Anonymous said...: >>>
This incident is a very serious indication that Firefox is not really suitable for Corporate environments.

Mutchibara Nihonkawa,
Japan
<<<

IE sure as wicca is evil is certainly unsuitable for any environment. Firefox is the best thing since pickled beets.; 25 July, 2005 03:08
Martin Packer said...: Actually, as I said in a comment to another thread I would like people inside my company (IBM) to actually find it easier to wind up with Firefox installed with GreaseMonkey and selected scripts. That puts the onus, IMHO, on those selected scripts. Which isn't the same as having them install any old script they stumble across on the web.

So I do think it is suitable for a corporate environment - once the security issues are sorted out.; 25 July, 2005 13:17
Paul Irish said...: please post the link to the new 0.4.1 alpha!; 27 July, 2005 05:43
GK said...: Is there a possibility to disable this annoying warning which pops up at every page when Greasemonkey is used? I disabeld all scripts but two for a site I feel sure with. So I don't want to see this warning on every page of this site.; 28 July, 2005 00:33
Anonymous said...: It is truly ignorant to think this security flaw in GreaseMonkey reflects negatively on Firefox. Anyone can write an insecure plug-in for ANY browser. That does not mean you blame the browser for being insecure. So anyone that uses this flaw to say people should use IE instead are just plain ignorant, and should be ignored.; 29 July, 2005 12:30
Anonymous said...: Anonymous#2-- why is one bashing and making a big deal about the Greasemonkey,Firefox and IE. Even so that IE may have many loopholes. it's a matter of choice of which ones to use. I of course perfer firefox over IE but when it comes to mac.. Even so I use Both Firefox and Safari.. There is bound to be one software to be new crazed or BEst there is then comes a hole or a problem then we kicked it to the curb. Example how many of us out there can really program these type of softwares? yet we kicking it to the curb? so dude the one that made this greasemonkey keep up the GREAT work with since I find those who are patient in learning how to wrote programs are the coolest gift one can have.; 01 August, 2005 10:56
Anonymous said...: This file:///c:/ seems to work with IE v6 as well; 04 August, 2005 06:00
Daniel said...: well, when it works the program is great! So just keep on working on keeping it secure and great; 04 August, 2005 11:49
Ivanco said...: No need to apologize dude!... Buena Suerte!; 09 August, 2005 19:35
Anonymous said...: achat dvd vierge achat dvd achat mp3 autoradio dvd autoradio mp3 baladeur mp3 boitier dvd cd musique chanson francaise chanson paillarde parole chanson horoscope poisson horoscope sagittaire horoscope scorpion horoscope taureau horoscope verseau horoscope vierge horoscope horoscope lion horoscope gemeau jeu de tarot tarot zodiaque logiciel comptable logiciel de dessin logiciel de gravure telechargement logiciel logiciel de traduction logiciel gratuit logiciel montage photo logiciel montage video logiciel mp3 logiciel gratuit logiciel nero ecran de veille fond d ecran ordinateur ecran de projection ecran veille ecran plasma ecran de veille gratuit emoticone gratuit emoticone fond d ecran animal fond d ecran gratuit fond d ecran ordinateur fond d ecran pc fond ecran portable divx divx gratuit divx player download acc edonkey 2000 edonkey emule fr emule france emule gratuit emule mania emule paradise emule fond d ecran sexy fond cran fond d ecran animal fond d ecran gratuit fond d ecran ordinateur fond ecran pc fond ecran sexy fond d ecran fond icone icone xp illustration image film dvd film divx francaise des jeu france musique graveur dvd externe graveur dvd instrument de musique jacquette dvd jaquette divx jaquette dvd lecteur divx aperitif chef recette cuisine recette de cuisine porc poulet recette recette cuisine soupe aux chou parole de chanson anglais partition de musique pour piano partition gratuite flute traversiere lot partition tablature guitare beatles partition de piano d amelie poulain partition chanson francaise Does Your Mother Know Slow Turning tablature guitare gratuite ille vilaine tablature harmonica msn plus nouvelle version msn telechargement msn messenger 7.5 telecharger msn 7.5 telecharger msn messenger 7.5 telecharger msn messenger 8.0 telecharger msn messenger gratuitement telecharger msn messenger plus telecharger msn web messenger telecharger msn telecharger msn lecteur dvd divx lecteur dvd portable lecteur dvd driver pour lecteur dvd pioneer logiciel lecture dvd lecteur mp3 baladeur lecteur baladeur mp3 usb telechargement musique mp3 musique musique a telecharge musique alsace astuce jeu video astuce jeu video astuce casino jeu code jeu console de jeu jeu a gratter telecharger jeu jeu action jeu adulte jeu arcade accessoire voiture automobile code jeu tuning moto paris tuning show 2006 paris tuning show rally tuning voiture tuning voiture nero burning nero express pack codec pilote ripper serveur emule shareaza skype telechargement p2p telechargement logiciel jeu de combat jeu de dame jeu de foot jeu grattage gratuit jeu hasard jeu de lulu jeu de moto jeu de role jeu de strategie jeu de styliste jeu de voiture gratuit chanson pour enfant clip musique codec divx telecharger codec windows media player codec combi dvd vhs convertir wave en mp3 copie dvd driver driver hp dvd divx banque postale carte postale virtuelle carte postale henne modèle de tatouage piercing langue piercing nombril piercing tatoo tatouage musique arabe musique classique musique country musique de film musique gratuite musique gratuite a telecharger parole chanson parole de chanson francaise parole et musique parole et musique parole chanson logiciel antivirus telecharger jeu antivirus personal antivirus gratuit antivirus gratuitement norton antivirus antivirus software antivirus avast avg bitdefender firewall logiciel antivirus logiciel antivirus mc afee norton antivirus norton spybot telecharger norton antivirus telecharger antivirus telecharger msn 7.5 adresse msn astuce msn avatar bot msn web messenger clin d oeil msn e messenger emoticone gratuis emoticone gratuit emoticone jeu de voiture jeu diamant jeu diddl jeu educatif jeu en ligne gratuit jeu en ligne jeu en reseau jeu gratuit pour enfant jeu enfant jeu erotique telecharger divx telecharger emule acrobat reader acrobat reader acrobat reader ad aware adobe acrobat base de donnee clone cd clone dvd clone cd compression jeu aventure jeu barbie jeu cadeaux casino jeu jeu concours gratuit jeu concours jeu d argent jeu d echec jeu de billard gratuit jeu de billard jeu carte telecharger nero 6 telecharger nero 7 telecharger nero traducteur trillian winamp win mx winrar winzip zone alarm emule plus encodeur icq imesh java telecharger kazaa lite kazaa lite telecharger kazaa kazaa lite logiciel architecture logiciel batiment logiciel comptabilite emoticone msn messenger msn messenger astuce msn msn web messenger msn 7.0 msn 7.5 msn messenger 7.0 msn messenger 7.5 msn messenger msn blague blonde blague drole blague humour blague bonne blague carte postale video comique diaporama humour pps humour humour sexy video humour humour image humour pps humour video comique jeu flash jeu fr jeu grattage telecharger jeu gratuit jeu gratuit enfant jeu gratuit jeu java jeu mobile jeu online jeu pc gratuit astrologie gratuite astrologie horoscope 2006 horoscope balance horoscope belier horoscope cancer horoscope capricorne horoscope chinois horoscope gemeau horoscope gratuit horoscope lion horoscope mensuel dvd dvd decrypter dvd discount film dvd dvd musique dvd pas cher dvd player dvd porno ecouter and de and la and musique comment telecharger un film film a telecharger jeu pc jeu playstation 2 jeu porno jeu video jeu pc astuce rom nintendo rom sims 2 telechargement trucs; 20 April, 2006 14:25
Anonymous said...: Karups Private Collection
Karups Private Collection
Welcome to the king of all grot sites. This site is the mutt's nuts! 1000's of great quality pictures of great quality ladies plus a awesome amount of extra content.. Information on Ariel collection karups and amateur karups pussy

Karup Porn
Karup Girl
Karup Babes
Karup Fetish
Karup Sex
Karup Teen
Karup Collection
Karup Galleries
Karup Freebies
Karup Amateurs
Karup Hometown
Karups Private
Karup PC
Karup
Karupspc

Karups Weekly Freebies
Karups Private Collection (KarupsPC) is a verifiable behemoth. It makes me dizzy after a few pages, because there's just so many super beautiful women to browse through. They have the simplest and featureless members area of any adult site, and it works great somehow. The navigation is key here, as they have just so much content. Things are divided into 5 different (1-5) categories, and then further divided by headings like models, girl/girl, girl/guy, sex, babes, teen, amateur, asian, exotics, mature, more than 3, etc. Each of these has numerous gallery sections, usually ranging from 50 to more than 200 gallery sections! Each of these "volumes" has 9 different photo sets. All this adds up to a massive, high quality collection of over a million pictures.

Karup Babes
Karupspc
Karups Private
Karups PC
Karups Hometown
Karups Freebies
Karups Amateurs
Karups Teen
Karups Sex
Karups Girl
Karups Galleries
Karups Fetish
Karups Galleries
Karups
Karups Porno; 23 April, 2006 03:57
Anonymous said...: anti spyware gratuit avast antivirus antivirus en ligne antivirus gratuit antivirus gratuitement antivirus pour scanner antivirus software antivirus avast antivirus avg antivirus avg bitdefender comparatif antivirus etrust firewall logiciel antivirus mcafee meilleur antivirus norton antivirus gratuit norton antivirus telecharger norton panda antivirus spybot spyware telecharger antivirus gratuit telecharger antivirus zone alarm 206 tuning accessoire tuning accessoire voiture tuning tuning auto bmw tuning boitier tuning moto tuning paris tuning show piece auto tuning piece tuning rally scooter tuning tuning auto tuning voiture tuning blague blonde blague de toto blague drole blague du jour blague humour blague sur les blonde blague telephone blague video blague video comique diaporama humour blague humour humour et blague humour gratuit humour noir humour sexe humour sexy video humour humour image comique image humour pps humour blague video video comique video humour ace mega codec acrobat reader ad aware baladeur mp3 clone cd clone dvd codec audio codec avi codec divx codec dvd codec gratuit pack codec codec video codec xvid codec compression convertir mp3 convertisseur mp3 codec divx divx gratuit divx player divx download accelerator driver dvd divx dvd player dvd edonkey 2000 edonkey emule fr emule france emule gratuit emule paradise emule plus emule encodeur mp3 enregistreur dvd graveur dvd hp driver icq imesh jaquette dvd java kazaa lite kazaa lecteur mp3 logiciel a telecharger logiciel antivirus logiciel architecture logiciel comptabilite logiciel dessin logiciel de gravure telechargement logiciel logiciel de traduction logiciel gratuit logiciel nero burning rom nero express pack codec ripper serveur emule shareaza skype telechargement logiciel gratuit telechargement logiciel telechargement p2p telecharger acrobat reader telecharger ad aware telecharger antivirus telecharger avast telecharger divx telecharger e mule telecharger emule gratuit telecharger emule gratuitement telecharger emule jeu gratuit a telecharger telecharger java telecharger kazaa lite telecharger kazaa telecharger nero 6 telecharger nero 7 telecharger nero telecharger real player telecharger shareaza telecharger skype winamp telecharger winzip telecharger traducteur trillian winmx winrar winzip zone alarm ecran de veille gratuit ecran de veille fond d ecran gratuit fond d ecran pc fond ecran sexy fond ecran icone clone dvd mp3 gratuit lecteur mp3 musique mp3 prix mp3 sonnerie mp3 telechargement musique mp3 telecharger chanson telecharger codec telecharger mp3 gratuit telecharger mp3 tous les driver adresse msn astuce msn avatar clin d oeil msn clin oeil emoticone gratuit emoticone msn emoticone msn messenger msn 7.5 msn messenger 7.5 msn messenger msn plus msn web messenger msn web messenger msn nouvelle version msn telecharger emoticone telecharger messenger 7.5 telecharger messenger telecharger msn 7.5 telecharger msn messenger 7.5 telecharger msn messenger 8 telecharger msn plus telecharger msn telecharger yahoo messenger yahoo messenger chanson arabe chanson d amour chanson enfantine chanson francaise chanson paillarde parole chanson chanson pour enfant parole chanson parole chanson parole de chanson francaise parole et chanson partition batterie partition clarinette partition de chanson partition musique partition flute partition gratuite partition guitare partition piano partition saxophone partition rire et chanson texte de chanson traduction de chanson aperitif banque postale carte postale virtuelle carte postale cuisine recette de cuisine henne modèle de tatouage piercing langue piercing nombril piercing porc poulet recette recette cuisine soupe aux chou tatoo tatouage astuce jeu video truc et astuce console jeu console jeux francaise des jeu francaise des jeux telecharger jeu jeu action jeu adulte jeu arcade jeu aventure jeu concours jeu de billard jeu de carte jeu de dame jeu de moto jeu de role jeu de strategie jeu de voiture jeu diamant jeu diddl jeu educatif jeu enfant jeu erotique jeu flash astrologie chinoise astrologie gratuite astrologie les chevaliers du zodiaque horoscope 2006 gratuit horoscope 2006 horoscope amoureux horoscope balance horoscope belier horoscope cancer horoscope capricorne horoscope chinois horoscope du jour horoscope gemeau horoscope gratuit horoscope lion horoscope mensuel horoscope poisson horoscope sagittaire horoscope scorpion horoscope taureau horoscope verseau horoscope vierge horoscope jeu de tarot signe du zodiaque tarot marseille tarot divinatoire tarot en ligne tarot gratuit tarot tirage tarot gratuit tirage tarot


The weblog about Greasemonkey	Download Find Scripts Write Scripts Discuss Wiki Dev