Vulnerability Details CVE-2011-2486
nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://lwn.net/Alerts/524725/
- http://rhn.redhat.com/errata/RHSA-2012-1459.html
- http://www.securitytracker.com/id?1027757
- https://bugzilla.novell.com/show_bug.cgi?id=702034
- https://bugzilla.redhat.com/show_bug.cgi?id=715384
- https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98
- http://lwn.net/Alerts/524725/
- http://rhn.redhat.com/errata/RHSA-2012-1459.html
- http://www.securitytracker.com/id?1027757
- https://bugzilla.novell.com/show_bug.cgi?id=702034
- https://bugzilla.redhat.com/show_bug.cgi?id=715384
- https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98
Products affected by CVE-2011-2486
-
cpe:2.3:a:nspluginwrapper:nspluginwrapper:1.4.2