The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."
2009-01-20T16:30:00.360
2025-04-09T00:30:58.490
Deferred
CVSSv2: 4.9 (MEDIUM)
AV:N/AC:M/Au:S/C:P/I:P/A:N
6.8
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mozilla | firefox | 3.5 | Yes |
| Application | mozilla | firefox | 3.5.1 | Yes |
| Application | mozilla | firefox | 3.5.2 | Yes |
| Application | mozilla | firefox | 3.5.3 | Yes |
| Application | mozilla | firefox | 3.5.4 | Yes |
| Application | mozilla | firefox | 3.5.5 | Yes |
| Application | mozilla | firefox | 3.5.6 | Yes |
| Application | mozilla | firefox | 3.5.7 | Yes |
| Application | mozilla | firefox | 3.5.8 | Yes |
| Application | mozilla | firefox | 3.5.9 | Yes |
| Application | mozilla | firefox | 3.6 | Yes |
| Application | mozilla | firefox | 3.6.2 | Yes |
| Application | mozilla | firefox | 3.6.3 | Yes |
| Application | mozilla | firefox | 3.6.4 | Yes |
| Application | mozilla | seamonkey | ≤ 2.0.4 | Yes |
| Application | mozilla | seamonkey | 1.0 | Yes |
| Application | mozilla | seamonkey | 1.0 | Yes |
| Application | mozilla | seamonkey | 1.0 | Yes |
| Application | mozilla | seamonkey | 1.0.1 | Yes |
| Application | mozilla | seamonkey | 1.0.2 | Yes |
| Application | mozilla | seamonkey | 1.0.3 | Yes |
| Application | mozilla | seamonkey | 1.0.4 | Yes |
| Application | mozilla | seamonkey | 1.0.5 | Yes |
| Application | mozilla | seamonkey | 1.0.6 | Yes |
| Application | mozilla | seamonkey | 1.0.7 | Yes |
| Application | mozilla | seamonkey | 1.0.8 | Yes |
| Application | mozilla | seamonkey | 1.0.9 | Yes |
| Application | mozilla | seamonkey | 1.1 | Yes |
| Application | mozilla | seamonkey | 1.1 | Yes |
| Application | mozilla | seamonkey | 1.1 | Yes |
| Application | mozilla | seamonkey | 1.1.1 | Yes |
| Application | mozilla | seamonkey | 1.1.2 | Yes |
| Application | mozilla | seamonkey | 1.1.3 | Yes |
| Application | mozilla | seamonkey | 1.1.4 | Yes |
| Application | mozilla | seamonkey | 1.1.5 | Yes |
| Application | mozilla | seamonkey | 1.1.6 | Yes |
| Application | mozilla | seamonkey | 1.1.7 | Yes |
| Application | mozilla | seamonkey | 1.1.8 | Yes |
| Application | mozilla | seamonkey | 1.1.9 | Yes |
| Application | mozilla | seamonkey | 1.1.10 | Yes |
| Application | mozilla | seamonkey | 1.1.11 | Yes |
| Application | mozilla | seamonkey | 1.1.12 | Yes |
| Application | mozilla | seamonkey | 1.1.13 | Yes |
| Application | mozilla | seamonkey | 1.1.14 | Yes |
| Application | mozilla | seamonkey | 1.1.15 | Yes |
| Application | mozilla | seamonkey | 1.1.16 | Yes |
| Application | mozilla | seamonkey | 1.1.17 | Yes |
| Application | mozilla | seamonkey | 2.0 | Yes |
| Application | mozilla | seamonkey | 2.0 | Yes |
| Application | mozilla | seamonkey | 2.0 | Yes |
| Application | mozilla | seamonkey | 2.0 | Yes |
| Application | mozilla | seamonkey | 2.0 | Yes |
| Application | mozilla | seamonkey | 2.0 | Yes |
| Application | mozilla | seamonkey | 2.0 | Yes |
| Application | mozilla | seamonkey | 2.0 | Yes |
| Application | mozilla | seamonkey | 2.0.1 | Yes |
| Application | mozilla | seamonkey | 2.0.2 | Yes |
| Application | mozilla | seamonkey | 2.0.3 | Yes |