FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-5913

This CVE name corresponds to:

Entered	Topic
2010-06-23	mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-5913 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2008-5913
Phase	Assigned(20090120)

Description

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."

References

Source	Reference
MISC	http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html
MISC	http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161
MISC	http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.html
MISC	http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf
CONFIRM	http://www.mozilla.org/security/announce/2010/mfsa2010-33.html
CONFIRM	https://bugzilla.mozilla.org/show_bug.cgi?id=475585
CONFIRM	http://support.avaya.com/css/P8/documents/100091069
FEDORA	FEDORA-2010-10344
FEDORA	FEDORA-2010-10361
MANDRIVA	MDVSA-2010:125
REDHAT	RHSA-2010:0500
REDHAT	RHSA-2010:0501
SUSE	SUSE-SA:2010:030
UBUNTU	USN-930-1
UBUNTU	USN-930-2
BID	33276
OVAL	oval:org.mitre.oval:def:11139
SECUNIA	40326
SECUNIA	40401
SECUNIA	40481
VUPEN	ADV-2010-1551
VUPEN	ADV-2010-1557
VUPEN	ADV-2010-1640
VUPEN	ADV-2010-1773
VUPEN	ADV-2010-1592