The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 up to and including 3.5.11, 3.6.4 up to and including 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote malicious users to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 3.6.4 |
||
mozilla firefox 4.0 |
||
mozilla firefox 3.6.7 |
||
mozilla firefox 3.6.6 |
||
mozilla firefox 3.5.11 |
||
mozilla firefox 3.6.8 |
||
mozilla firefox 3.5.10 |