SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2008-5913

Date: (C)2009-01-20 (M)2024-02-22

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.9
Exploit Score: 6.8
Impact Score: 4.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE

Reference:

FEDORA-2010-10344

FEDORA-2010-10361

SUSE-SA:2010:030

http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html

http://support.avaya.com/css/P8/documents/100091069

http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161

http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.html

http://www.mozilla.org/security/announce/2010/mfsa2010-33.html

http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf

https://bugzilla.mozilla.org/show_bug.cgi?id=475585

oval:org.mitre.oval:def:11139

cpe:/a:mozilla:firefox:3.5.7
cpe:/a:mozilla:firefox:3.5.8
cpe:/a:mozilla:firefox:3.5.5
cpe:/a:mozilla:firefox:3.5.6
...

oval:org.secpod.oval:def:700129
oval:org.secpod.oval:def:700155
oval:org.secpod.oval:def:500402
oval:org.secpod.oval:def:400036
...

© SecPod Technologies