EUVD-2011-2474

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2011-2486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if...

Authorization Bypass

nspluginwrapper is vulnerable to authorization bypass attacks. The vulnerability exists as nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and...

CVE-2011-2486

nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash...

CVE-2011-2486

nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash...

CVE-2011-2486

Summary: CVE-2011-2486 affects nspluginwrapper prior to 1.4.4. The flaw lies in incorrect handling of NPNVprivateModeBool, which can prevent Firefox plugins from correctly determining Private Browsing state, enabling remote attackers to bypass access restrictions (as demonstrated with Flash). Imp...

nspluginwrapper: NPNVprivateModeBool variable not forwarded

nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash...

Mozilla CSRF risk with plugins and 307 redirects (MFSA 2011-10)

Cross-site request forgery CSRF vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a...

CVE-2008-1686

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure...