CVE-2011-2486 - OpenCVE

nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Nspluginwrapper	Nspluginwrapper

Configuration 1 [-]

cpe:2.3:a:nspluginwrapper:nspluginwrapper:1.4.2:*:*:*:*:*:*:*

References

Link	Resource
http://lwn.net/Alerts/524725/
http://rhn.redhat.com/errata/RHSA-2012-1459.html
http://www.securitytracker.com/id?1027757	Patch
https://bugzilla.novell.com/show_bug.cgi?id=702034
https://bugzilla.redhat.com/show_bug.cgi?id=715384
https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-11-19T11:00:00Z

Updated: 2012-11-19T11:00:00Z

Reserved: 2011-06-15T00:00:00Z

Link: CVE-2011-2486

JSON object: View

NVD Information

Status : Modified

Published: 2012-11-19T12:10:48.917

Modified: 2013-09-01T06:24:51.890

Link: CVE-2011-2486

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nspluginwrapper:nspluginwrapper:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "87E01B32-8F5C-4327-993B-7C43D1B45E7E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash."}, {"lang": "es", "value": "nspluginwrapper antes de v1.4.4 no proporciona adecuadamente acceso a la variable de configuraci\u00f3n NPNVprivateModeBool, lo que podr\u00eda impedir a algunos plugins de Firefox a la hora de determinar si se deben ejecutar en el modo de navegaci\u00f3n privada y permitir de esta forma a atacantes remotos evitar las restricciones de acceso, tal y como se demostr\u00f3 con el uso inapropiado de Flash.\r\n"}], "id": "CVE-2011-2486", "lastModified": "2013-09-01T06:24:51.890", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-11-19T12:10:48.917", "references": [{"source": "secalert@redhat.com", "url": "http://lwn.net/Alerts/524725/"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1459.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securitytracker.com/id?1027757"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.novell.com/show_bug.cgi?id=702034"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=715384"}, {"source": "secalert@redhat.com", "url": "https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}