Search criteria
3 vulnerabilities found for nspluginwrapper by nspluginwrapper
FKIE_CVE-2011-2486
Vulnerability from fkie_nvd - Published: 2012-11-19 12:10 - Updated: 2025-04-11 00:51
Severity ?
Summary
nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nspluginwrapper | nspluginwrapper | 1.4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nspluginwrapper:nspluginwrapper:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87E01B32-8F5C-4327-993B-7C43D1B45E7E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash."
},
{
"lang": "es",
"value": "nspluginwrapper antes de v1.4.4 no proporciona adecuadamente acceso a la variable de configuraci\u00f3n NPNVprivateModeBool, lo que podr\u00eda impedir a algunos plugins de Firefox a la hora de determinar si se deben ejecutar en el modo de navegaci\u00f3n privada y permitir de esta forma a atacantes remotos evitar las restricciones de acceso, tal y como se demostr\u00f3 con el uso inapropiado de Flash.\r\n"
}
],
"id": "CVE-2011-2486",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-19T12:10:48.917",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lwn.net/Alerts/524725/"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1459.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1027757"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702034"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=715384"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lwn.net/Alerts/524725/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1027757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=715384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-2486 (GCVE-0-2011-2486)
Vulnerability from cvelistv5 – Published: 2012-11-19 11:00 – Updated: 2024-08-06 23:00
VLAI?
Summary
nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702034"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98"
},
{
"name": "RHSA-2012:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1459.html"
},
{
"name": "1027757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027757"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lwn.net/Alerts/524725/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=715384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-11-19T11:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702034"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98"
},
{
"name": "RHSA-2012:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1459.html"
},
{
"name": "1027757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027757"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lwn.net/Alerts/524725/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=715384"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2486",
"datePublished": "2012-11-19T11:00:00.000Z",
"dateReserved": "2011-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:00:34.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2486 (GCVE-0-2011-2486)
Vulnerability from nvd – Published: 2012-11-19 11:00 – Updated: 2024-08-06 23:00
VLAI?
Summary
nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702034"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98"
},
{
"name": "RHSA-2012:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1459.html"
},
{
"name": "1027757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027757"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lwn.net/Alerts/524725/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=715384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-11-19T11:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702034"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98"
},
{
"name": "RHSA-2012:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1459.html"
},
{
"name": "1027757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027757"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lwn.net/Alerts/524725/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=715384"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2486",
"datePublished": "2012-11-19T11:00:00.000Z",
"dateReserved": "2011-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:00:34.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}