PT-2010-4790 · Mozilla · Firefox
Amit Klein
·
Published
2010-09-15
·
Updated
2017-09-19
·
CVE-2010-3399
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions 3.5.10 through 3.5.11
Mozilla Firefox versions 3.6.4 through 3.6.8
Mozilla Firefox version 4.0 Beta1
Description
The issue concerns the js InitRandom function in the JavaScript implementation, which uses a context pointer in conjunction with its successor pointer for seeding a random number generator. This makes it easier for remote attackers to guess the seed value via a brute-force attack.
Recommendations
For Mozilla Firefox versions 3.5.10 through 3.5.11, update to a version that fixes this issue.
For Mozilla Firefox versions 3.6.4 through 3.6.8, update to a version that fixes this issue.
For Mozilla Firefox version 4.0 Beta1, update to a version that fixes this issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Firefox