Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3171: Mozilla Firefox vulnerability

CWE-310 | 8 documents | 4 sources
Severity
5.8 MEDIUM (NVD)
NVD 5.0 | OSV 4.9
EPSS
8.7%
top 7.50%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Sep 15
Latest update: May 17

Description

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CV

CVSS vector

AV:N/AC:M/C:P/I:P/A:N
Exploitability: 8.6 | Impact: 4.9

Affected Packages (2 packages)

NVD | mozilla/firefox | 7 versions | +6
NVD | apple/safari | 5.0.2 | +52

🔴 Vulnerability Details (4)

GHSA | GHSA-h84m-77j2-99hq: The JavaScript implementation in WebKit in Apple Safari before 5 | 2022-05-17
GHSA | GHSA-hmj5-pvfm-pffx: The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3 | 2022-05-17
GHSA | GHSA-v4fq-jrv5-w6jf: The Math | 2022-05-17
OSV | CVE-2010-3804: The JavaScript implementation in WebKit in Apple Safari before 5 | 2010-11-22

💥 Exploits & PoCs (1)

Exploit-DB | Mozilla Firefox 3.6.8 - 'Math.random()' Cross Domain Information Disclosure | 2010-09-14