ID CVE-2010-3804
Summary The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.
References
Vulnerable Configurations
  • Apple Safari 5.0.2
    cpe:2.3:a:apple:safari:5.0.2
  • Apple Safari 5.0.1
    cpe:2.3:a:apple:safari:5.0.1
  • Apple Safari 5.0
    cpe:2.3:a:apple:safari:5.0
  • Apple WebKit
    cpe:2.3:a:apple:webkit
  • Apple Mac OS X 10.5
    cpe:2.3:o:apple:mac_os_x:10.5
  • Apple Mac OS X 10.5.0
    cpe:2.3:o:apple:mac_os_x:10.5.0
  • Apple Mac OS X 10.5.1
    cpe:2.3:o:apple:mac_os_x:10.5.1
  • Apple Mac OS X 10.5.2
    cpe:2.3:o:apple:mac_os_x:10.5.2
  • Apple Mac OS X 10.5.3
    cpe:2.3:o:apple:mac_os_x:10.5.3
  • Apple Mac OS X 10.5.4
    cpe:2.3:o:apple:mac_os_x:10.5.4
  • Apple Mac OS X 10.5.5
    cpe:2.3:o:apple:mac_os_x:10.5.5
  • Apple Mac OS X 10.5.6
    cpe:2.3:o:apple:mac_os_x:10.5.6
  • Apple Mac OS X 10.5.7
    cpe:2.3:o:apple:mac_os_x:10.5.7
  • Apple Mac OS X 10.5.8
    cpe:2.3:o:apple:mac_os_x:10.5.8
  • Apple Mac OS X 10.6.0
    cpe:2.3:o:apple:mac_os_x:10.6.0
  • Apple Mac OS X 10.6.1
    cpe:2.3:o:apple:mac_os_x:10.6.1
  • Apple Mac OS X 10.6.2
    cpe:2.3:o:apple:mac_os_x:10.6.2
  • Apple Mac OS X 10.6.3
    cpe:2.3:o:apple:mac_os_x:10.6.3
  • Apple Mac OS X 10.6.4
    cpe:2.3:o:apple:mac_os_x:10.6.4
  • Apple Mac OS X 10.6.5
    cpe:2.3:o:apple:mac_os_x:10.6.5
  • Apple Mac OS X Server 10.5
    cpe:2.3:o:apple:mac_os_x_server:10.5
  • Apple Mac OS X Server 10.5.0
    cpe:2.3:o:apple:mac_os_x_server:10.5.0
  • Apple Mac OS X Server 10.5.1
    cpe:2.3:o:apple:mac_os_x_server:10.5.1
  • Apple Mac OS X Server 10.5.2
    cpe:2.3:o:apple:mac_os_x_server:10.5.2
  • Apple Mac OS X Server 10.5.3
    cpe:2.3:o:apple:mac_os_x_server:10.5.3
  • Apple Mac OS X Server 10.5.4
    cpe:2.3:o:apple:mac_os_x_server:10.5.4
  • Apple Mac OS X Server 10.5.5
    cpe:2.3:o:apple:mac_os_x_server:10.5.5
  • Apple Mac OS X Server 10.5.6
    cpe:2.3:o:apple:mac_os_x_server:10.5.6
  • Apple Mac OS X Server 10.5.7
    cpe:2.3:o:apple:mac_os_x_server:10.5.7
  • Apple Mac OS X Server 10.5.8
    cpe:2.3:o:apple:mac_os_x_server:10.5.8
  • Apple Mac OS X Server 10.6.0
    cpe:2.3:o:apple:mac_os_x_server:10.6.0
  • Apple Mac OS X Server 10.6.1
    cpe:2.3:o:apple:mac_os_x_server:10.6.1
  • Apple Mac OS X Server 10.6.2
    cpe:2.3:o:apple:mac_os_x_server:10.6.2
  • Apple Mac OS X Server 10.6.3
    cpe:2.3:o:apple:mac_os_x_server:10.6.3
  • Apple Mac OS X Server 10.6.4
    cpe:2.3:o:apple:mac_os_x_server:10.6.4
  • Apple Mac OS X Server 10.6.5
    cpe:2.3:o:apple:mac_os_x_server:10.6.5
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Microsoft Windows Vista
    cpe:2.3:o:microsoft:windows_vista
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • Apple Safari 4.1.2
    cpe:2.3:a:apple:safari:4.1.2
  • Apple Safari 4.1.1
    cpe:2.3:a:apple:safari:4.1.1
  • Apple Safari 4.1
    cpe:2.3:a:apple:safari:4.1
  • Apple Safari 3.2.2
    cpe:2.3:a:apple:safari:3.2.2
  • Apple Safari 3.2.1
    cpe:2.3:a:apple:safari:3.2.1
  • Apple Safari 3.2.0
    cpe:2.3:a:apple:safari:3.2.0
  • Apple Safari 3.1.2
    cpe:2.3:a:apple:safari:3.1.2
  • Apple Safari 3.1.1
    cpe:2.3:a:apple:safari:3.1.1
  • Apple Safari 3.1.0b
    cpe:2.3:a:apple:safari:3.1.0b
  • Apple Safari 3.1.0
    cpe:2.3:a:apple:safari:3.1.0
  • Apple Safari 3.0.4b
    cpe:2.3:a:apple:safari:3.0.4b
  • Apple Safari 3.0.4
    cpe:2.3:a:apple:safari:3.0.4
  • Apple Safari 3.0.3b
    cpe:2.3:a:apple:safari:3.0.3b
  • Apple Safari 3.0.3
    cpe:2.3:a:apple:safari:3.0.3
  • Apple Safari 3.0.2b
    cpe:2.3:a:apple:safari:3.0.2b
  • Apple Safari 3.0.2
    cpe:2.3:a:apple:safari:3.0.2
  • Apple Safari 3.0.1b
    cpe:2.3:a:apple:safari:3.0.1b
  • Apple Safari 3.0.1
    cpe:2.3:a:apple:safari:3.0.1
  • Apple Safari 3.0.0b
    cpe:2.3:a:apple:safari:3.0.0b
  • Apple Safari 3.0.0
    cpe:2.3:a:apple:safari:3.0.0
  • Apple Safari 3.0
    cpe:2.3:a:apple:safari:3.0
  • Apple Safari 3
    cpe:2.3:a:apple:safari:3
  • Apple Safari 2.0.4
    cpe:2.3:a:apple:safari:2.0.4
  • Apple Safari 2.0.3 417.9.3
    cpe:2.3:a:apple:safari:2.0.3:417.9.3
  • Apple Safari 2.0.3 417.9.2
    cpe:2.3:a:apple:safari:2.0.3:417.9.2
  • Apple Safari 2.0.3 417.9
    cpe:2.3:a:apple:safari:2.0.3:417.9
  • Apple Safari 2.0.3 417.8
    cpe:2.3:a:apple:safari:2.0.3:417.8
  • Apple Safari 2.0.3
    cpe:2.3:a:apple:safari:2.0.3
  • Apple Safari 2.0.2
    cpe:2.3:a:apple:safari:2.0.2
  • Apple Safari 2.0.1
    cpe:2.3:a:apple:safari:2.0.1
  • Apple Safari 2.0.0
    cpe:2.3:a:apple:safari:2.0.0
  • Apple Safari 2.0
    cpe:2.3:a:apple:safari:2.0
  • Apple Safari 2
    cpe:2.3:a:apple:safari:2
  • Apple Safari 1.3.2 312.6
    cpe:2.3:a:apple:safari:1.3.2:312.6
  • Apple Safari 1.3.2 312.5
    cpe:2.3:a:apple:safari:1.3.2:312.5
  • Apple Safari 1.3.2
    cpe:2.3:a:apple:safari:1.3.2
  • Apple Safari 1.3.1
    cpe:2.3:a:apple:safari:1.3.1
  • Apple Safari 1.3.0
    cpe:2.3:a:apple:safari:1.3.0
  • Apple Safari 1.3
    cpe:2.3:a:apple:safari:1.3
  • Apple Safari 1.2.5
    cpe:2.3:a:apple:safari:1.2.5
  • Apple Safari 1.2.4
    cpe:2.3:a:apple:safari:1.2.4
  • Apple Safari 1.2.3
    cpe:2.3:a:apple:safari:1.2.3
  • Apple Safari 1.2.2
    cpe:2.3:a:apple:safari:1.2.2
  • Apple Safari 1.2.1
    cpe:2.3:a:apple:safari:1.2.1
  • Apple Safari 1.2.0
    cpe:2.3:a:apple:safari:1.2.0
  • Apple Safari 1.2
    cpe:2.3:a:apple:safari:1.2
  • Apple Safari 1.1.1
    cpe:2.3:a:apple:safari:1.1.1
  • Apple Safari 1.1.0
    cpe:2.3:a:apple:safari:1.1.0
  • Apple Safari 1.1
    cpe:2.3:a:apple:safari:1.1
  • Apple Safari 1.0 Beta2
    cpe:2.3:a:apple:safari:1.0:beta2
  • Apple Safari 1.0 Beta
    cpe:2.3:a:apple:safari:1.0:beta
  • Apple Safari 1.0.3 85.8.1
    cpe:2.3:a:apple:safari:1.0.3:85.8.1
  • Apple Safari 1.0.3 85.8
    cpe:2.3:a:apple:safari:1.0.3:85.8
  • Apple Safari 1.0.3
    cpe:2.3:a:apple:safari:1.0.3
  • Apple Safari 1.0.2
    cpe:2.3:a:apple:safari:1.0.2
  • Apple Safari 1.0.1
    cpe:2.3:a:apple:safari:1.0.1
  • Apple Safari 1.0.0b2
    cpe:2.3:a:apple:safari:1.0.0b2
  • Apple Safari 1.0.0b1
    cpe:2.3:a:apple:safari:1.0.0b1
  • Apple Safari 1.0.0
    cpe:2.3:a:apple:safari:1.0.0
  • Apple Safari 1.0
    cpe:2.3:a:apple:safari:1.0
  • Apple WebKit
    cpe:2.3:a:apple:webkit
  • Apple Mac OS X 10.4.11
    cpe:2.3:o:apple:mac_os_x:10.4.11
  • Apple Mac OS X Server 10.4.11
    cpe:2.3:o:apple:mac_os_x_server:10.4.11
  • Apple Mac OS X 10.4.0
    cpe:2.3:o:apple:mac_os_x:10.4.0
  • Apple Mac OS X 10.4.4
    cpe:2.3:o:apple:mac_os_x:10.4.4
  • Apple Mac OS X 10.4.3
    cpe:2.3:o:apple:mac_os_x:10.4.3
  • Apple Mac OS X 10.4.2
    cpe:2.3:o:apple:mac_os_x:10.4.2
  • Apple Mac OS X 10.4.10
    cpe:2.3:o:apple:mac_os_x:10.4.10
  • Apple Mac OS X 10.4.1
    cpe:2.3:o:apple:mac_os_x:10.4.1
  • Apple Mac OS X 10.4
    cpe:2.3:o:apple:mac_os_x:10.4
  • Apple Mac OS X 10.4.9
    cpe:2.3:o:apple:mac_os_x:10.4.9
  • Apple Mac OS X 10.4.8
    cpe:2.3:o:apple:mac_os_x:10.4.8
  • Apple Mac OS X 10.4.7
    cpe:2.3:o:apple:mac_os_x:10.4.7
  • Apple Mac OS X 10.4.6
    cpe:2.3:o:apple:mac_os_x:10.4.6
  • Apple Mac OS X 10.4.5
    cpe:2.3:o:apple:mac_os_x:10.4.5
  • Apple Mac OS X Server 10.4.8
    cpe:2.3:o:apple:mac_os_x_server:10.4.8
  • Apple Mac OS X Server 10.4.9
    cpe:2.3:o:apple:mac_os_x_server:10.4.9
  • Apple Mac OS X Server 10.4
    cpe:2.3:o:apple:mac_os_x_server:10.4
  • Apple Mac OS X Server 10.4.5
    cpe:2.3:o:apple:mac_os_x_server:10.4.5
  • Apple Mac OS X Server 10.4.4
    cpe:2.3:o:apple:mac_os_x_server:10.4.4
  • Apple Mac OS X Server 10.4.7
    cpe:2.3:o:apple:mac_os_x_server:10.4.7
  • Apple Mac OS X Server 10.4.6
    cpe:2.3:o:apple:mac_os_x_server:10.4.6
  • Apple Mac OS X Server 10.4.10
    cpe:2.3:o:apple:mac_os_x_server:10.4.10
  • Apple Mac OS X Server 10.4.1
    cpe:2.3:o:apple:mac_os_x_server:10.4.1
  • Apple Mac OS X Server 10.4.3
    cpe:2.3:o:apple:mac_os_x_server:10.4.3
  • Apple Mac OS X Server 10.4.2
    cpe:2.3:o:apple:mac_os_x_server:10.4.2
  • Apple Mac OS X Server 10.4.0
    cpe:2.3:o:apple:mac_os_x_server:10.4.0
CVSS
Base: 5.0 (as of 22-11-2010 - 10:42)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
exploit-db via4
  • description WebKit Insufficient Entropy Random Number Generator Weakness (2). CVE-2010-3804. Remote exploit for windows platform
    id EDB-ID:35006
    last seen 2016-02-04
    modified 2010-11-18
    published 2010-11-18
    reporter Amit Klein
    source https://www.exploit-db.com/download/35006/
    title WebKit Insufficient Entropy Random Number Generator Weakness 2
  • description WebKit Insufficient Entropy Random Number Generator Weakness (1). CVE-2010-3804. Remote exploit for windows platform
    id EDB-ID:35005
    last seen 2016-02-04
    modified 2010-11-18
    published 2010-11-18
    reporter Amit Klein
    source https://www.exploit-db.com/download/35005/
    title WebKit Insufficient Entropy Random Number Generator Weakness 1
nessus via4
  • NASL family Windows
    NASL id SAFARI_5_0_3.NASL
    description The version of Safari installed on the remote Windows host is earlier than 5.0.3. As such, it is potentially affected by numerous issues in its WebKit component that could allow arbitrary code execution, session tracking, address bar spoofing, and other sorts of attacks.
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 50654
    published 2010-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50654
    title Safari < 5.0.3 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SAFARI5_0_3.NASL
    description The version of Apple Safari installed on the remote Mac OS X host is earlier than 5.0.3 / 4.1.3. As such, it is potentially affected by numerous issues in its WebKit component that could allow arbitrary code execution, session tracking, address bar spoofing, and other sorts of attacks.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 50653
    published 2010-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50653
    title Mac OS X : Apple Safari < 5.0.3 / 4.1.3
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_LIBWEBKIT-110111.NASL
    description Various bugs in webkit have been fixed. The CVE id's are : CVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701, CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725, CVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419, CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272, CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315, CVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029, CVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386, CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749, CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, 
CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822, CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264, CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301, CVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257, CVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810, CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824, CVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53764
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53764
    title openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBWEBKIT-110104.NASL
    description Various bugs in webkit have been fixed. The CVE id's are : CVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701, CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725, CVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419, CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272, CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315, CVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029, CVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386, CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749, CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, 
CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822, CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264, CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301, CVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257, CVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810, CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824, CVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75629
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75629
    title openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
oval via4
accepted 2013-12-30T04:00:06.424-05:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Apple Safari is installed
oval oval:org.mitre.oval:def:6325
description The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.
family windows
id oval:org.mitre.oval:def:11495
status accepted
submitted 2010-12-10T08:09:40
title Vulnerability in JavaScript implementation in WebKit in Apple Safari before 5.0.3 versions
version 12
refmap via4
apple
  • APPLE-SA-2010-11-18-1
  • APPLE-SA-2010-11-22-1
confirm
secunia
  • 42314
  • 43068
suse SUSE-SR:2011:002
vupen
  • ADV-2010-3046
  • ADV-2011-0212
xf safari-javascript-weak-security(63347)
Last major update 18-07-2011 - 22:40
Published 22-11-2010 - 08:00
Last modified 18-09-2017 - 21:31