CVE-2011-2486

critical

Description

nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash.

References

https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98

https://bugzilla.redhat.com/show_bug.cgi?id=715384

https://bugzilla.novell.com/show_bug.cgi?id=702034

http://www.securitytracker.com/id?1027757

http://rhn.redhat.com/errata/RHSA-2012-1459.html

http://lwn.net/Alerts/524725/

Details

Source: Mitre, NVD

Published: 2012-11-19

Updated: 2013-09-01

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical