Main Vulnerability Database SB2012111904

SB2012111904 - Permissions, Privileges, and Access Controls in nspluginwrapper

Published: November 19, 2012 Updated: August 11, 2020

Security Bulletin ID SB2012111904

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-2486)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote non-authenticated attacker to manipulate data.

nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash.

Remediation

Install update from vendor's website.

SB2012111904 - Permissions, Privileges, and Access Controls in nspluginwrapper

Breakdown by Severity

Description

Remediation

References

Please verify you're human