Описание
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 4.0+nobinonly-0ubuntu1 |
| hardy | ignored | end of life |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | not-affected | 3.6.16+build1+nobinonly-0ubuntu0.10.04.1 |
| maverick | not-affected | 3.6.16+build1+nobinonly-0ubuntu0.10.10.1 |
| natty | not-affected | 4.0+nobinonly-0ubuntu1 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | not-affected | 3.6.16+build1+nobinonly-0ubuntu0.8.04.1 |
| jaunty | ignored | end of life |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| jaunty | ignored | |
| karmic | not-affected | 3.6.16+build1+nobinonly-0ubuntu0.9.10.1 |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| hardy | not-affected | 2.0.11+build1+nobinonly-0ubuntu0.8.04.1 |
| jaunty | ignored | end of life |
| karmic | not-affected | |
| lucid | not-affected | |
| maverick | not-affected | |
| natty | not-affected | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| hardy | ignored | end of life |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | not-affected | 3.1.8+build3+nobinonly-0ubuntu0.10.04.1 |
| maverick | not-affected | |
| natty | not-affected | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 1.9.2.15+build1+nobinonly-0ubuntu1 |
| hardy | not-affected | 1.9.2.16+build1+nobinonly-0ubuntu0.8.04.1 |
| jaunty | ignored | end of life |
| karmic | not-affected | |
| lucid | not-affected | |
| maverick | not-affected | |
| natty | not-affected | 1.9.2.15+build1+nobinonly-0ubuntu1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
5.8 Medium
CVSS2
Связанные уязвимости
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.
The Math.random function in the JavaScript implementation in Mozilla F ...
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.
5.8 Medium
CVSS2