Mozilla Products 'js_InitRandom' Information Disclosure Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with Mozilla Firefox and is prone to Information Disclosure Vulnerability.

Impact

Successful exploitation will let attackers to guess the seed value via a brute-force attack. Impact Level: Application

Solution

Upgrade to Mozilla Firefox version 3.5.10 or 3.6.4 or later and Seamonkey version 2.0.5 or later. For updates refer - http://www.seamonkey-project.org/ - http://www.mozilla.org/en-US/firefox/new

Insight

The flaw is due to error in 'js_InitRandom' function in the JavaScript implementation uses the current time for seeding of a random number generator.

Affected

Mozilla Firefox version 3.5.x before 3.5.10 Mozilla Firefox version 3.6.x before 3.6.4 SeaMonkey version before 2.0.5.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=475585

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3400

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Mac OS X)
Apache Tomcat Multiple Vulnerabilities-01 (Nov14)
Adobe Reader Information Disclosure Vulnerability Jun05 (Mac OS X)
aMSN session hijack vulnerability (Windows)
Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Mac OS X)

Take action and discover your vulnerabilities