CVE-2008-5913 — Mozilla Seamonkey vulnerability

CWE-31021 documents7 sources

Severity

5.8MEDIUMNVD

NVD5.0NVD4.9CNA4.9OSV4.9

EPSS

0.4%

top 37.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari Mozilla Seamonkey Mozilla Firefox

Timeline

PublishedJan 20

Latest updateMay 17

Description

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 6.8 | Impact: 4.9

Affected Packages3 packages

▶NVDmozilla/seamonkey2.0.4+32

▶NVDmozilla/firefox20 versions+19

▶NVDapple/safari5.0.2+52

🔴Vulnerability Details

GHSA

GHSA-7mj9-f8rr-cqvj: The Math↗2022-05-17

▶

GHSA

GHSA-h84m-77j2-99hq: The JavaScript implementation in WebKit in Apple Safari before 5↗2022-05-17

▶

GHSA

GHSA-83cp-2h62-q83c: The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3↗2022-05-17

▶

GHSA

GHSA-v4fq-jrv5-w6jf: The Math↗2022-05-17

▶

OSV

CVE-2010-3804: The JavaScript implementation in WebKit in Apple Safari before 5↗2010-11-22

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerability↗2010-07-26

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

Ubuntu

ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update↗2010-07-23

▶

Ubuntu

Firefox regression↗2010-06-30

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-06-29

▶

💬Community

Bugzilla

CVE-2008-5913 mozilla: in-session phishing attack↗2009-01-21

▶