Despite Microsoft’s attempt to, er, monopolize the security news…
Alex Feldstein posts Attention Greasemonkey Users. “There’s a serious security issue for Greasemonkey. Until I can study this in more detail, and as my use of GreaseMonkey is very minimal, I have chosen to disable it. (Via J-Walk)”
As best I’ve been able to ascertain, the problem occurs in versions before 0.34 and possibly also in the 0.4 alpha, but 0.35 is okay. The GreaseMoney add-in shows a little monkey face on the bottom of the browser. Click to toggle whether it is disabled, and only turn it on when you need it and trust the underlying page. You may also want to consider adding the NOSCRIPT add-on, which lets you specify which sites ought to be allowed to run JavaScript at all.