Информационная безопасность
[RU] switch to English


Дополнительная информация

  Многочисленные уязвимости безопасности в Mozilla Firefox / Seamonkey

  ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability

  Mozilla Foundation Security Advisory 2010-32

  Mozilla Foundation Security Advisory 2010-31

  Mozilla Foundation Security Advisory 2010-30

From:MOZILLA
Date:25 июня 2010 г.
Subject:Mozilla Foundation Security Advisory 2010-33

Mozilla Foundation Security Advisory 2010-33

Title: User tracking across sites using Math.random()
Impact: Low
Announced: June 22, 2010
Reporter: Amit Klein
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.6.4
 Firefox 3.5.10
 SeaMonkey 2.0.5
Description

Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random(). Since the pseudo-random number generator was only seeded once per browsing session, this seed value could be used as a unique token to identify and track users across different web sites.
References

   * https://bugzilla.mozilla.org/show_bug.cgi?id=475585
   * CVE-2008-5913

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород