New Search

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4 and SeaMonkey before 2.0.5 uses a random number generator that is seeded only once per browser session which makes it easier for remote attackers to track a user or trick a user into acting upon a spoofed pop-up message by calculating the seed value related to a "temporary footprint" and an "in-session phishing attack."

oval:org.mitre.oval:def:11139

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4 and SeaMonkey before 2.0.5 uses a random number generator that is seeded only once per browser session which makes it easier for remote attackers to track a user or trick a user into acting upon a spoofed pop-up message by calculating the seed value related to a "temporary footprint" and an "in-session phishing attack."

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 4
  • Red Hat Enterprise Linux 5
  • Oracle Linux 5
  • Oracle Linux 4
  • Red Hat Enterprise Linux 4
  • CentOS Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2008-5913
Product(s):