Summary
The host has Mozilla Firefox installed and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will let attackers bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 3.6.9 or later, 3.5.12 or later, or 4.0 Beta-2 or later.
For updates refer to http://www.mozilla.com/en-US/firefox/all.html and http://www.mozilla.com/en-US/firefox/all-beta.html
Insight
The flaws are due to:
- An error in the 'Math.random' function in the JavaScript implementation, which uses a random number generator that is seeded only once per document object. This makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value.
- An error in the 'js_InitRandom' function in the JavaScript implementation, which uses a context pointer in conjunction with its successor pointer to seed a random number generator. This makes it easier for remote attackers to guess the seed value via a brute-force attack.
Affected
Firefox version 3.5.10 through 3.5.11
Firefox version 3.6.4 through 3.6.8 and 4.0 Beta1
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2010-3171, CVE-2010-3399
- CVSS Base Score: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N