CVE-2011-2486

nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=715384
https://bugzilla.novell.com/show_bug.cgi?id=702034
http://rhn.redhat.com/errata/RHSA-2012-1459.html
http://www.securitytracker.com/id?1027757	Patch
http://lwn.net/Alerts/524725/
https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:nspluginwrapper:nspluginwrapper:1.4.2:*:*:*:*:*:*:*

Information

Published : 2012-11-19 04:10

Updated : 2013-08-31 23:24

NVD link : CVE-2011-2486

Mitre link : CVE-2011-2486

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

nspluginwrapper

nspluginwrapper

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=715384", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=715384", "tags": [], "refsource": "CONFIRM"}, {"url": "https://bugzilla.novell.com/show_bug.cgi?id=702034", "name": "https://bugzilla.novell.com/show_bug.cgi?id=702034", "tags": [], "refsource": "CONFIRM"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1459.html", "name": "RHSA-2012:1459", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.securitytracker.com/id?1027757", "name": "1027757", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "http://lwn.net/Alerts/524725/", "name": "http://lwn.net/Alerts/524725/", "tags": [], "refsource": "MISC"}, {"url": "https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98", "name": "https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-2486", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-11-19T12:10Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nspluginwrapper:nspluginwrapper:1.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-09-01T06:24Z"}