CVE-2011-4328

Currently unrated

Key Information:

Vendor: Gnu
Status: Gnash
Vendor: CVE Published:; 16 June 2012

Summary

plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information.

References

http://www.openwall.com/lists/oss-security/2011/11/21/12

mailing-listx_refsource_MLIST

http://lists.opensuse.org/opensuse-updates/2012-03/msg000...

vendor-advisoryx_refsource_SUSE

http://git.savannah.gnu.org/gitweb/?p=gnash.git%3Ba=commi...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 16, 2012
Vulnerability Reserved
Nov 4, 2011