Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-3171
HistorySep 15, 2010 - 12:00 a.m.

CVE-2010-3171

2010-09-1500:00:00
ubuntu.com
ubuntu.com
9

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.021 Low

EPSS

Percentile

88.8%

The Math.random function in the JavaScript implementation in Mozilla
Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a
random number generator that is seeded only once per document object, which
makes it easier for remote attackers to track a user, or trick a user into
acting upon a spoofed pop-up message, by calculating the seed value,
related to a “temporary footprint” and an “in-session phishing attack.”
NOTE: this vulnerability exists because of an incorrect fix for
CVE-2008-5913.

Bugs

Notes

Author Note
jdstrand CVEs in Firefox are tracked in the xulrunner source packages for builds that use the system xulrunner, and firefox source packages for those that use a static build xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS (system xul) xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS (system xul) xulrunner-1.9: (ignored) reverse dependencies no longer process web content xulrunner-1.9.1: (ignored) reverese dependencies no longer process web content xulrunner-1.9.2: system xul for reverese dependencies that process web content firefox: Ubuntu 6.06 LTS (static build) firefox: Ubuntu 10.04 LTS and higher (static build of 3.6.x or higher) firefox-3.0: Ubuntu 8.04 LTS, 9.04 (static build of 3.6.x) firefox-3.5: Ubuntu 9.04 (ignored, uses system xul 1.9.1. Use 3.0 instead) firefox-3.5: Ubuntu 9.10 (static build of 3.6.x)

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.021 Low

EPSS

Percentile

88.8%

Related for UB:CVE-2010-3171