ID CVE-2008-5913
Summary The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1:*:alpha:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1:*:alpha:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1:*:beta:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1:*:beta:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 29-09-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:N
oval via4
accepted 2013-04-29T04:11:47.665-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."
family unix
id oval:org.mitre.oval:def:11139
status accepted
submitted 2010-07-09T03:56:16-04:00
title The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."
version 25
redhat via4
advisories
  • rhsa
    id RHSA-2010:0500
  • rhsa
    id RHSA-2010:0501
rpms
  • firefox-0:3.6.4-8.el4
  • devhelp-0:0.12-21.el5
  • devhelp-devel-0:0.12-21.el5
  • gnome-python2-extras-0:2.14.2-7.el5
  • gnome-python2-gtkhtml2-0:2.14.2-7.el5
  • gnome-python2-gtkmozembed-0:2.14.2-7.el5
  • gnome-python2-gtkspell-0:2.14.2-7.el5
  • gnome-python2-libegg-0:2.14.2-7.el5
  • esc-0:1.1.0-12.el5
  • totem-0:2.16.7-7.el5
  • totem-devel-0:2.16.7-7.el5
  • totem-mozplugin-0:2.16.7-7.el5
  • yelp-0:2.16.0-26.el5
  • firefox-0:3.6.4-8.el5
  • xulrunner-0:1.9.2.4-10.el5
  • xulrunner-devel-0:1.9.2.4-10.el5
refmap via4
bid 33276
confirm
fedora
  • FEDORA-2010-10344
  • FEDORA-2010-10361
mandriva MDVSA-2010:125
misc
secunia
  • 40326
  • 40401
  • 40481
suse SUSE-SA:2010:030
ubuntu
  • USN-930-1
  • USN-930-2
vupen
  • ADV-2010-1551
  • ADV-2010-1557
  • ADV-2010-1592
  • ADV-2010-1640
  • ADV-2010-1773
Last major update 29-09-2017 - 01:32
Published 20-01-2009 - 16:30
Back to Top