Lucene search
SecurityvulnsSECURITYVULNS:DOC:24126HistoryJun 25, 2010 - 12:00 a.m.
Mozilla Foundation Security Advisory 2010-33
2010-06-2500:00:00
vulners.com
75
Mozilla Foundation Security Advisory 2010-33
Title: User tracking across sites using Math.random()
Impact: Low
Announced: June 22, 2010
Reporter: Amit Klein
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.6.4
Firefox 3.5.10
SeaMonkey 2.0.5
Description
Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random(). Since the pseudo-random number generator was only seeded once per browsing session, this seed value could be used as a unique token to identify and track users across different web sites.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=475585
* CVE-2008-5913
Related
openvas
openvas
Firefox Information Disclosure Vulnerability Jan09 (Windows)
2009-01-28 00:00:00
Firefox Information Disclosure Vulnerability (Jan 2009) - Windows
2009-01-28 00:00:00
Mandriva Update for firefox MDVSA-2010:125 (firefox)
2010-06-25 00:00:00
ubuntucve
ubuntucve
cve
cve
veracode
veracode
Insecure Randomness
2020-04-10 00:43:41
prion
prion
Session fixation
2009-01-20 16:30:00
Design/Logic Flaw
2010-09-15 20:00:00
Code injection
2010-09-15 20:00:00
mozilla
mozilla
User tracking across sites using Math.random() β Mozilla
2010-06-22 00:00:00
seebug
seebug
Firefox JavaScriptεΌζMath.Random()θ·¨εδΏ‘ζ―ζ³ι²ζΌζ΄
2010-06-28 00:00:00
nessus
nessus
SeaMonkey < 2.0.5 Multiple Vulnerabilities
2010-06-23 00:00:00
Firefox 3.6 < 3.6.4 Multiple Vulnerabilities
2010-06-23 00:00:00
Mandriva Linux Security Advisory : firefox (MDVSA-2010:125)
2010-06-25 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: firefox-3.6.4-1.fc13
2010-06-24 16:31:49
[SECURITY] Fedora 13 Update: galeon-2.0.7-29.fc13
2010-06-24 16:31:49
[SECURITY] Fedora 13 Update: xulrunner-1.9.2.4-1.fc13
2010-06-24 16:31:49
ubuntu
ubuntu
Firefox regression
2010-06-30 00:00:00
Firefox and Xulrunner vulnerabilities
2010-06-29 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2010-06-25 00:00:00
redhat
redhat
(RHSA-2010:0501) Critical: firefox security, bug fix, and enhancement update
2010-06-22 00:00:00
(RHSA-2010:0500) Critical: firefox security, bug fix, and enhancement update
2010-06-22 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-06-22 00:00:00
oraclelinux
oraclelinux
firefox security, bug fix, and enhancement update
2010-06-23 00:00:00
firefox security, bug fix, and enhancement update
2010-06-23 00:00:00
suse
suse
remote code execution in MozillaFirefox,mozilla-xulrunner191
2010-07-09 14:53:59
centos
centos
firefox security update
2010-08-06 23:15:15
devhelp, esc, firefox, gnome, totem, xulrunner, yelp security update
2010-06-24 16:14:16
debian
debian
[Backports-security-announce] Security Update for xulrunner
2010-07-01 11:48:42
[Backports-security-announce] Security Update for xulrunner
2010-07-01 11:54:27
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
Related for SECURITYVULNS:DOC:24126