I was searching for an old Greasemonkey plugin and ran across some weird behavior. Greasemonkey apparently looks at the URL of the page you are going to, and if it ends in .user.js it instantly believes it is a Greasemonkey plugin. There is no way to get around it (even works if Greasemonkey is disabled it turns out). I’m not exactly sure how an attacker would use this against a user other than perhaps a DoS attack of a lot of these. But here is an example of what I’m talking about (only works if you have it installed).