← back
CVE-2010-3171

CVE-2010-3171

EPSS 4.5%
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/34621unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://archives.neohapsis.com/archives/bugtraq/2010-09/0117.htmlhttp://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefoxhttps://bugzilla.mozilla.org/show_bug.cgi?id=577512http://secunia.com/advisories/42867https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7370http://www.securityfocus.com/bid/43222http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdfhttp://www.vupen.com/english/advisories/2011/0061