Mozilla Products 'js_InitRandom' Information Disclosure Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with Mozilla Firefox and is prone to Information Disclosure Vulnerability.

Impact

Successful exploitation will let attackers to guess the seed value via a brute-force attack. Impact Level: Application

Solution

Upgrade to Mozilla Firefox version 3.5.10 or 3.6.4 or later and Seamonkey version 2.0.5 or later. For updates refer - http://www.seamonkey-project.org/ - http://www.mozilla.org/en-US/firefox/new

Insight

The flaw is due to error in 'js_InitRandom' function in the JavaScript implementation uses the current time for seeding of a random number generator.

Affected

Mozilla Firefox version 3.5.x before 3.5.10 Mozilla Firefox version 3.6.x before 3.6.4 SeaMonkey version before 2.0.5.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=475585

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3400

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Adobe Reader Old Plugin Signature Bypass Vulnerability (Windows)
Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Win)
Apple Safari WebKit Information Disclosure Vulnerability (Mac OS X)
Apple Safari Multiple Vulnerabilities
Adobe Digital Edition Information Disclosure Vulnerability (Mac OS X)

Take action and discover your vulnerabilities