New Search

Vulnerability in the Math.random function in the JavaScript implementation in Mozilla Firefox

oval:org.mitre.oval:def:7370

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11 3.6.4 through 3.6.8 and 4.0 Beta1 uses a random number generator that is seeded only once per document object which makes it easier for remote attackers to track a user or trick a user into acting upon a spoofed pop-up message by calculating the seed value related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
  • Microsoft Windows 7
  • Microsoft Windows Vista
  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Microsoft Windows Server 2008
Class:
vulnerability
Reference(s):
  • CVE-2010-3171
Product(s):
  • Mozilla Firefox