CVE-2010-3400 — Mozilla Seamonkey vulnerability

3 documents3 sources

Severity

5.8MEDIUMNVD

CNA4.9

EPSS

0.2%

top 52.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox

Timeline

PublishedSep 15

Latest updateMay 17

Description

The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶NVDmozilla/seamonkey2.0.4+32

▶NVDmozilla/firefox13 versions+12

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-83cp-2h62-q83c: The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3↗2022-05-17

▶

CVEList

CVE-2010-3400: The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3↗2010-09-15

▶