{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2012-11-19T11:00:00Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=702034"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98"}, {"name": "RHSA-2012:1459", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1459.html"}, {"name": "1027757", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1027757"}, {"tags": ["x_refsource_MISC"], "url": "http://lwn.net/Alerts/524725/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=715384"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:00:34.025Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=702034"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98"}, {"name": "RHSA-2012:1459", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1459.html"}, {"name": "1027757", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1027757"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://lwn.net/Alerts/524725/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=715384"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2486", "state": "PUBLISHED", "dateReserved": "2011-06-15T00:00:00Z", "datePublished": "2012-11-19T11:00:00Z", "dateUpdated": "2024-08-06T23:00:34.025Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nspluginwrapper:nspluginwrapper:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "87E01B32-8F5C-4327-993B-7C43D1B45E7E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash."}, {"lang": "es", "value": "nspluginwrapper antes de v1.4.4 no proporciona adecuadamente acceso a la variable de configuraci\u00f3n NPNVprivateModeBool, lo que podr\u00eda impedir a algunos plugins de Firefox a la hora de determinar si se deben ejecutar en el modo de navegaci\u00f3n privada y permitir de esta forma a atacantes remotos evitar las restricciones de acceso, tal y como se demostr\u00f3 con el uso inapropiado de Flash.\r\n"}], "id": "CVE-2011-2486", "lastModified": "2013-09-01T06:24:51.890", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-11-19T12:10:48.917", "references": [{"source": "secalert@redhat.com", "url": "http://lwn.net/Alerts/524725/"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1459.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securitytracker.com/id?1027757"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.novell.com/show_bug.cgi?id=702034"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=715384"}, {"source": "secalert@redhat.com", "url": "https://github.com/davidben/nspluginwrapper/commit/7e4ab8e1189846041f955e6c83f72bc1624e7a98"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2012:1459", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nspluginwrapper-0:1.4.4-1.el6_3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-11-13T00:00:00Z"}], "bugzilla": {"description": "nspluginwrapper: NPNVprivateModeBool variable not forwarded", "id": "715384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=715384"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash."], "name": "CVE-2011-2486", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "nspluginwrapper", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2011-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-2486\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-2486"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}