ID CVE-2010-3400
Summary The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1:*:alpha:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1:*:alpha:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1:*:beta:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1:*:beta:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 19-09-2017 - 01:31)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
oval via4
accepted 2014-10-06T04:04:27.521-04:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
definition_extensions
  • comment Mozilla Firefox Mainline release is installed
    oval oval:org.mitre.oval:def:22259
  • comment Mozilla Seamonkey is installed
    oval oval:org.mitre.oval:def:6372
description The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913.
family windows
id oval:org.mitre.oval:def:7339
status accepted
submitted 2010-10-21T14:10:18
title Vulnerability in js_InitRandom function in the JavaScript implementation in Mozilla Firefox and Seamonkey
version 31
refmap via4
confirm https://bugzilla.mozilla.org/show_bug.cgi?id=475585
Last major update 19-09-2017 - 01:31
Published 15-09-2010 - 20:00
Last modified 19-09-2017 - 01:31
Back to Top