CVE-2008-5913

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 3.5.x through 3.5.9 Mozilla Firefox versions 3.6.x through 3.6.3 SeaMonkey versions prior to 2.0.5

Description The issue concerns the Math.random function in the JavaScript implementation, which uses a random number generator seeded only once per browser session. This makes it easier for remote attackers to track a user or trick a user into acting upon a spoofed pop-up message by calculating the seed value. This is related to a temporary footprint and an in-session phishing attack.

Recommendations For Mozilla Firefox versions 3.5.x through 3.5.9, update to version 3.5.10 or later. For Mozilla Firefox versions 3.6.x through 3.6.3, update to version 3.6.4 or later. For SeaMonkey versions prior to 2.0.5, update to version 2.0.5 or later.