Mozilla Foundation Security Advisory 2010-33

2010-06-25T00:00:00
ID SECURITYVULNS:DOC:24126
Type securityvulns
Reporter Securityvulns
Modified 2010-06-25T00:00:00

Description

Mozilla Foundation Security Advisory 2010-33

Title: User tracking across sites using Math.random() Impact: Low Announced: June 22, 2010 Reporter: Amit Klein Products: Firefox, SeaMonkey

Fixed in: Firefox 3.6.4 Firefox 3.5.10 SeaMonkey 2.0.5 Description

Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random(). Since the pseudo-random number generator was only seeded once per browsing session, this seed value could be used as a unique token to identify and track users across different web sites. References

* https://bugzilla.mozilla.org/show_bug.cgi?id=475585
* CVE-2008-5913