Vulnerability Description
nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nspluginwrapper | Nspluginwrapper | 1.4.2 |
Related Weaknesses (CWE)
References
- http://lwn.net/Alerts/524725/
- http://rhn.redhat.com/errata/RHSA-2012-1459.html
- http://www.securitytracker.com/id?1027757Patch
- https://bugzilla.novell.com/show_bug.cgi?id=702034
- https://bugzilla.redhat.com/show_bug.cgi?id=715384
- https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72
- http://lwn.net/Alerts/524725/
- http://rhn.redhat.com/errata/RHSA-2012-1459.html
- http://www.securitytracker.com/id?1027757Patch
- https://bugzilla.novell.com/show_bug.cgi?id=702034
- https://bugzilla.redhat.com/show_bug.cgi?id=715384
- https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72
FAQ
What is CVE-2011-2486?
CVE-2011-2486 is a vulnerability with a CVSS score of 5.0 (MEDIUM). nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode...
How severe is CVE-2011-2486?
CVE-2011-2486 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2486?
Check the references section above for vendor advisories and patch information. Affected products include: Nspluginwrapper Nspluginwrapper.