Описание
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 4.0+nobinonly-0ubuntu1 |
| hardy | ignored | end of life |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | not-affected | 3.6.16+build1+nobinonly-0ubuntu0.10.04.1 |
| maverick | not-affected | 3.6.16+build1+nobinonly-0ubuntu0.10.10.1 |
| natty | not-affected | 4.0+nobinonly-0ubuntu1 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | not-affected | 3.6.16+build1+nobinonly-0ubuntu0.8.04.1 |
| jaunty | ignored | end of life |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| jaunty | ignored | |
| karmic | not-affected | 3.6.16+build1+nobinonly-0ubuntu0.9.10.1 |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| hardy | not-affected | 2.0.11+build1+nobinonly-0ubuntu0.8.04.1 |
| jaunty | ignored | end of life |
| karmic | not-affected | |
| lucid | not-affected | |
| maverick | not-affected | |
| natty | not-affected | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| hardy | ignored | end of life |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | not-affected | 3.1.8+build3+nobinonly-0ubuntu0.10.04.1 |
| maverick | not-affected | |
| natty | not-affected | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 1.9.2.15+build1+nobinonly-0ubuntu1 |
| hardy | not-affected | 1.9.2.16+build1+nobinonly-0ubuntu0.8.04.1 |
| jaunty | ignored | end of life |
| karmic | not-affected | |
| lucid | not-affected | |
| maverick | not-affected | |
| natty | not-affected | 1.9.2.15+build1+nobinonly-0ubuntu1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.
The Math.random function in the JavaScript implementation in Mozilla F ...
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.
EPSS
5.8 Medium
CVSS2