3 matches found
Firefox JavaScript引擎Math.Random()跨域信息泄露漏洞
BUGTRAQ ID: 33276 CVE ID: CVE-2009-1696,CVE-2008-5913 Firefox是非常流行的开源WEB浏览器。 Firefox的JavaScript实现的Math.random函数中存在安全漏洞,攻击者可以对该函数的种子值进行逆向。由于对于每个浏览的会话伪随机数生成器仅提供了一次种子,因此可以将这个种子值用作唯一的令牌跨不同的网站识别和追踪用户。 Mozilla Firefox 3.6.x Mozilla Firefox 3.5.x Mozilla SeaMonkey 2.0.5 厂商补丁: Debian ------...
CVE-2009-1696
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session...
CVE-2009-1696
CVE-2009-1696 affects WebKit/Apple Safari and related iOS components, where Safari before 4.0 (including iPhone OS 1.0–2.2.1 and iPod touch 1.1–2.2.1) used predictable JavaScript RNG. This predictability could allow remote servers to track a Safari user’s session behavior. Connected documents con...