QwikSec

Security Database

CVE

CWE

Training

CVE-2010-3399

Published: Sep 15, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.mozilla.org/show_bug.cgi?id=475585

x_refsource_MISC

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf

x_refsource_MISC

https://bugzilla.mozilla.org/show_bug.cgi?id=577512

x_refsource_MISC

oval:org.mitre.oval:def:7598

vdb-entry

signature

x_refsource_OVAL

20100914 New writeup by Amit Klein (Trusteer): "Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1"

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2010-3399 - Security Vulnerability | QwikSec