Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2486

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-2486
Last Modified 01 Sep 2013 02:24:51
Published 19 Nov 2012 07:10:48
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2486

Summary

nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash.

Vulnerable Systems

Application

  • Nspluginwrapper 1.4.2


References

SECTRACK - 1027757

MISC - https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=715384

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=702034

REDHAT - RHSA-2012:1459

MISC - http://lwn.net/Alerts/524725/

Related Patches

Novell SUSE 2011:5480 nspluginwrapper recommended update for SLED 11 SP1 i586

Novell SUSE 2011:5480 nspluginwrapper recommended update for SLED 11 SP1 x86_64


Last Updated: 27 May 2016 10:56:40