CVE-2010-3171

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 3.5.10 through 3.5.11 Mozilla Firefox versions 3.6.4 through 3.6.8 Mozilla Firefox version 4.0 Beta1

Description The issue is related to the Math.random function in the JavaScript implementation, which uses a random number generator seeded only once per document object. This makes it easier for remote attackers to track a user or trick a user into acting upon a spoofed pop-up message by calculating the seed value. The issue is related to a "temporary footprint" and an "in-session phishing attack."

Recommendations For Mozilla Firefox versions 3.5.10 through 3.5.11, update to a version that correctly fixes the random number generator seeding issue. For Mozilla Firefox versions 3.6.4 through 3.6.8, update to a version that correctly fixes the random number generator seeding issue. For Mozilla Firefox version 4.0 Beta1, update to a version that correctly fixes the random number generator seeding issue.