8 matches found
CVE-2010-3804
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a...
CVE-2010-3804
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a...
Sql injection
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a...
CVE-2010-3804
CVE-2010-3804 concerns the JavaScript RNG in WebKit used by Apple Safari, where a weak random-number generation algorithm makes it easier to track a user by predicting values. Affected are Safari before 5.0.3 on Mac OS X 10.5–10.6 and Windows, and before 4.1.3 on Mac OS X 10.4. Root cause is the ...
New writeup by Amit Klein (Trusteer): "Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1"
Hi list I would like to announce a new writeup, titled "Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1". The writeup is available in the following URL: http://www.trusteer.com/sites/default/files/CrossdomainMathRandomleakageinFF3.6.4-3.6.8.pdf...
CVE-2010-3171
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acti...
CVE-2010-3399
The jsInitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess th...
CVE-2010-3171
CVE-2010-3171 relates to the Firefox JavaScript Math.random() seed being initialized only once per document object, making it easier for remote attackers to track a user or trigger in-session phishing via spoofed pop-ups. The issue ties to an underlying fix (CVE-2008-5913) that was not fully corr...