CVE-2010-3804
Published 2010-11-22
CVE-2010-3804: The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak…
Priority: P3, 34, medium; CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 9.13% (94.7th percentile)
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.
Affected
53 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | safari | <= 5.0.2 | — |
| apple | safari | <= 4.1.2 | — |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
osv · 4.9 MEDIUM
GHSA
GHSA-h84m-77j2-99hq: The JavaScript implementation in WebKit in Apple Safari before 5
ghsa_unreviewed·2022-05-17·CVSS 4.9
OSV
CVE-2010-3804: The JavaScript implementation in WebKit in Apple Safari before 5
osv·2010-11-22·CVSS 4.9
No detection rules found.
Exploit-DB
WebKit - Insufficient Entropy Random Number Generator (1)
exploitdb·2010-11-18
---
source: https://www.securityfocus.com/bid/44952/info
WebKit is prone to a random-number-generator weakness.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to track user sessions and obtain personal information that can aid in further attacks.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it.
```javascript
document.write("Browser: "+navigator.userAgent);
interval=200;
iid=null;
function setint()
{
    interval=document.getElementById('x').value;
    clearInterval(iid);
    iid=setInterval("recalc()",interval);
    return;
}
```
Exploit-DB
WebKit - Insufficient Entropy Random Number Generator (2)
exploitdb·2010-11-18
---
source: https://www.securityfocus.com/bid/44952/info
```javascript
document.write("userAgent: "+navigator.userAgent);
function calc_seed()
{
    r1=Math.random()*Math.pow(2,32);
    r2=Math.random()*Math.pow(2,32);
    H=r1;
    L=(r2-(((H & 0xFFFF0000)>>>16) | ((H & 0x0000FFFF)>>16) | ((H
```
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/42314
http://secunia.com/advisories/43068
http://support.apple.com/kb/HT4455
http://support.apple.com/kb/HT4456
http://www.vupen.com/english/advisories/2010/3046
http://www.vupen.com/english/advisories/2011/0212
https://exchange.xforce.ibmcloud.com/vulnerabilities/63347
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11495