The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-09-15T19:00:00

Updated: 2017-09-18T12:57:01

Reserved: 2010-08-27T00:00:00


Link: CVE-2010-3171

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2010-09-15T20:00:02.493

Modified: 2017-09-19T01:31:15.817


Link: CVE-2010-3171

JSON object: View

cve-icon Redhat Information

No data.

CWE