Release date:
Updated on: 2010-09-20
Affected Systems:
Mozilla Firefox 4.0 Beta1
Mozilla Firefox 3.6.x
Mozilla Firefox 3.5.x
Unaffected Systems:
Mozilla Firefox 4.0 Beta2
Mozilla Firefox 3.6.9
Mozilla Firefox 3.5.12
Description:
--------------------------------------------------------------------------------
Bugtraq id: 43222
CVE (CAN) ID: CVE-2010-3171
Firefox is a very popular open-source web browser.
The Math.random function in the JavaScript implementation of Firefox uses the Document Object as the seed of the random number generator. Attackers can easily guess the seed value through brute-force attacks and use it to carry out session hijacking and other attacks.
<* Source: Amit Klein (Amit.Klein@SanctumInc.com)
Link: http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Mozilla
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.mozilla.org/