cbcvebase.
CVE-2010-3804
published 2010-11-22

CVE-2010-3804: The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak…

PriorityP334medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
9.13%
94.7th percentile
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.

Affected

53 ranges· showing 25
VendorProductVersion rangeFixed in
applesafari<= 5.0.2
applesafari<= 4.1.2
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv4.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.