Lucene search
Copyright (C) 2010 Greenbone AGOPENVAS:1361412562310902306HistorySep 21, 2010 - 12:00 a.m.
Mozilla Products 'js_InitRandom' Information Disclosure Vulnerability - Windows
2010-09-2100:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
14
9.1 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
64.4%
Mozilla Firefox is prone to an information disclosure vulnerability.
# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.902306");
script_version("2024-02-15T05:05:39+0000");
script_tag(name:"last_modification", value:"2024-02-15 05:05:39 +0000 (Thu, 15 Feb 2024)");
script_tag(name:"creation_date", value:"2010-09-21 16:43:08 +0200 (Tue, 21 Sep 2010)");
script_cve_id("CVE-2010-3400");
script_tag(name:"cvss_base", value:"5.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_name("Mozilla Products 'js_InitRandom' Information Disclosure Vulnerability - Windows");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=475585");
script_tag(name:"qod_type", value:"registry");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2010 Greenbone AG");
script_family("General");
script_dependencies("gb_firefox_detect_portable_win.nasl", "gb_seamonkey_detect_win.nasl");
script_mandatory_keys("Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed");
script_tag(name:"impact", value:"Successful exploitation will let attackers to guess the seed value
via a brute-force attack.");
script_tag(name:"affected", value:"Mozilla Firefox version 3.5.x before 3.5.10
Mozilla Firefox version 3.6.x before 3.6.4
SeaMonkey version before 2.0.5.");
script_tag(name:"insight", value:"The flaw is due to error in 'js_InitRandom' function in the
JavaScript implementation uses the current time for seeding of a random number generator.");
script_tag(name:"summary", value:"Mozilla Firefox is prone to an information disclosure vulnerability.");
script_tag(name:"solution", value:"Upgrade to Mozilla Firefox version 3.5.10 or 3.6.4 or later and
Seamonkey version 2.0.5 or later.");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("version_func.inc");
ffVer = get_kb_item("Firefox/Win/Ver");
if(ffVer)
{
if(version_in_range(version:ffVer, test_version:"3.5.0", test_version2:"3.5.9")||
version_in_range(version:ffVer, test_version:"3.6.0", test_version2:"3.6.3"))
{
security_message( port: 0, data: "The target host was found to be vulnerable" );
exit(0);
}
}
seaVer = get_kb_item("Seamonkey/Win/Ver");
if(seaVer)
{
if(version_is_less(version:seaVer, test_version:"2.0.5")){
security_message( port: 0, data: "The target host was found to be vulnerable" );
}
}
Related
openvas
openvas
Gentoo Security Advisory GLSA 201301-01
2015-09-29 00:00:00
prion
prion
Design/Logic Flaw
2010-09-15 20:00:00
ubuntucve
ubuntucve
CVE-2010-3400
2010-09-15 00:00:00
seebug
seebug
Mozilla Firefox js_InitRandomε½ζ°δΈε
ειζΊζ°ζΌζ΄
2010-09-25 00:00:00
cve
cve
CVE-2010-3400
2010-09-15 20:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
nessus
nessus
GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
2013-01-08 00:00:00
9.1 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
64.4%
Related for OPENVAS:1361412562310902306