Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2008-5913

Опубликовано: 13 янв. 2009
Источник: redhat
CVSS2: 3.6
EPSS Низкий

Описание

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4seamonkeyWill not fix
Red Hat Enterprise Linux 4firefoxFixedRHSA-2010:050022.06.2010
Red Hat Enterprise Linux 5devhelpFixedRHSA-2010:050122.06.2010
Red Hat Enterprise Linux 5escFixedRHSA-2010:050122.06.2010
Red Hat Enterprise Linux 5firefoxFixedRHSA-2010:050122.06.2010
Red Hat Enterprise Linux 5gnome-python2-extrasFixedRHSA-2010:050122.06.2010
Red Hat Enterprise Linux 5totemFixedRHSA-2010:050122.06.2010
Red Hat Enterprise Linux 5xulrunnerFixedRHSA-2010:050122.06.2010
Red Hat Enterprise Linux 5yelpFixedRHSA-2010:050122.06.2010

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=480938mozilla: in-session phishing attack

EPSS

Процентиль: 56%
0.00345
Низкий

3.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2008-5913

ubuntu
больше 16 лет назад

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."

nvd логотип

CVE-2008-5913

nvd
больше 16 лет назад

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."

debian логотип

CVE-2008-5913

debian
больше 16 лет назад

The Math.random function in the JavaScript implementation in Mozilla F ...

github логотип

GHSA-7mj9-f8rr-cqvj

github
около 3 лет назад

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."

oracle-oval логотип

ELSA-2010-0501

oracle-oval
почти 15 лет назад

ELSA-2010-0501: firefox security, bug fix, and enhancement update (CRITICAL)

EPSS

Процентиль: 56%
0.00345
Низкий

3.6 Low

CVSS2