logo
DATABASE RESOURCES PRICING ABOUT US

Mozilla Foundation Security Advisory 2010-33

Description

Mozilla Foundation Security Advisory 2010-33 Title: User tracking across sites using Math.random() Impact: Low Announced: June 22, 2010 Reporter: Amit Klein Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.4 Firefox 3.5.10 SeaMonkey 2.0.5 Description Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random(). Since the pseudo-random number generator was only seeded once per browsing session, this seed value could be used as a unique token to identify and track users across different web sites. References * https://bugzilla.mozilla.org/show_bug.cgi?id=475585 * CVE-2008-5913


Related