Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.9
CVE Id: CVE-2008-5913
Last Modified: 05 Nov 2012 11:13:47
Published: 20 Jan 2009 11:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2008-5913

Summary

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."

Vulnerable Systems

Application

  • Mozilla Firefox 3.5

  • Mozilla Firefox 3.5.1

  • Mozilla Firefox 3.5.2

  • Mozilla Firefox 3.5.3

  • Mozilla Firefox 3.5.4

  • Mozilla Firefox 3.5.5

  • Mozilla Firefox 3.5.6

  • Mozilla Firefox 3.5.7

  • Mozilla Firefox 3.5.8

  • Mozilla Firefox 3.5.9

  • Mozilla Firefox 3.6

  • Mozilla Firefox 3.6.2

  • Mozilla Firefox 3.6.3

  • Mozilla Firefox 3.6.4

  • Mozilla Seamonkey 1.0

  • Mozilla Seamonkey 1.0.1

  • Mozilla Seamonkey 1.0.2

  • Mozilla Seamonkey 1.0.3

  • Mozilla Seamonkey 1.0.4

  • Mozilla Seamonkey 1.0.5

  • Mozilla Seamonkey 1.0.6

  • Mozilla Seamonkey 1.0.7

  • Mozilla Seamonkey 1.0.8

  • Mozilla Seamonkey 1.0.9

  • Mozilla Seamonkey 1.1

  • Mozilla Seamonkey 1.1.1

  • Mozilla Seamonkey 1.1.10

  • Mozilla Seamonkey 1.1.11

  • Mozilla Seamonkey 1.1.12

  • Mozilla Seamonkey 1.1.13

  • Mozilla Seamonkey 1.1.14

  • Mozilla Seamonkey 1.1.15

  • Mozilla Seamonkey 1.1.16

  • Mozilla Seamonkey 1.1.17

  • Mozilla Seamonkey 1.1.2

  • Mozilla Seamonkey 1.1.3

  • Mozilla Seamonkey 1.1.4

  • Mozilla Seamonkey 1.1.5

  • Mozilla Seamonkey 1.1.6

  • Mozilla Seamonkey 1.1.7

  • Mozilla Seamonkey 1.1.8

  • Mozilla Seamonkey 1.1.9

  • Mozilla Seamonkey 2.0

  • Mozilla Seamonkey 2.0.1

  • Mozilla Seamonkey 2.0.2

  • Mozilla Seamonkey 2.0.3

  • Mozilla Seamonkey 2.0.4


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=475585

VUPEN - ADV-2010-1773

VUPEN - ADV-2010-1640

VUPEN - ADV-2010-1557

VUPEN - ADV-2010-1551

UBUNTU - USN-930-2

MISC - http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf

BID - 33276

REDHAT - RHSA-2010:0501

REDHAT - RHSA-2010:0500

CONFIRM - http://www.mozilla.org/security/announce/2010/mfsa2010-33.html

MANDRIVA - MDVSA-2010:125

MISC - http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.html

MISC - http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161

UBUNTU - USN-930-1

CONFIRM - http://support.avaya.com/css/P8/documents/100091069

SECUNIA - 40481

SECUNIA - 40401

SECUNIA - 40326

SUSE - SUSE-SA:2010:030

MISC - http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html

VUPEN - ADV-2010-1592

FEDORA - FEDORA-2010-10361

FEDORA - FEDORA-2010-10344


Last Updated: 27 May 2016 10:58:26