plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gnash | Gnu | * | 0.8.9 (including) |
Gnash | Gnu | 0.8.5 (including) | 0.8.5 (including) |
Gnash | Gnu | 0.8.7 (including) | 0.8.7 (including) |
Gnash | Gnu | 0.8.8 (including) | 0.8.8 (including) |
Gnash | Gnu | 0.8.9-rc4 (including) | 0.8.9-rc4 (including) |