CVE-2010-3399 - Vulnerability Details - OpenCVE

The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Firefox

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox:3.5.10:::::::*
	cpe:2.3:a:mozilla:firefox:3.5.11:::::::*
	cpe:2.3:a:mozilla:firefox:3.6.4:::::::*
	cpe:2.3:a:mozilla:firefox:3.6.6:::::::*
	cpe:2.3:a:mozilla:firefox:3.6.7:::::::*
	cpe:2.3:a:mozilla:firefox:3.6.8:::::::*
	cpe:2.3:a:mozilla:firefox:4.0:beta1::::::

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2010-09/0117.html
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
http://secunia.com/advisories/42867
http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf
http://www.vupen.com/english/advisories/2011/0061
https://bugzilla.mozilla.org/show_bug.cgi?id=475585
https://bugzilla.mozilla.org/show_bug.cgi?id=577512
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7598

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-09-15T19:00:00

Updated: 2024-08-07T03:11:43.426Z

Reserved: 2010-09-15T00:00:00

Link: CVE-2010-3399

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-09-15T20:00:02.727

Modified: 2024-11-21T01:18:38.477

Link: CVE-2010-3399

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-09-14T00:00:00", "descriptions": [{"lang": "en", "value": "The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=475585"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"}, {"name": "42867", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42867"}, {"name": "ADV-2011-0061", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0061"}, {"tags": ["x_refsource_MISC"], "url": "http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=577512"}, {"name": "oval:org.mitre.oval:def:7598", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7598"}, {"name": "20100914 New writeup by Amit Klein (Trusteer): \"Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1\"", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2010-09/0117.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3399", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=475585", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=475585"}, {"name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "refsource": "CONFIRM", "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"}, {"name": "42867", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42867"}, {"name": "ADV-2011-0061", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0061"}, {"name": "http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf", "refsource": "MISC", "url": "http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=577512", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=577512"}, {"name": "oval:org.mitre.oval:def:7598", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7598"}, {"name": "20100914 New writeup by Amit Klein (Trusteer): \"Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1\"", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2010-09/0117.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:11:43.426Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=475585"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"}, {"name": "42867", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42867"}, {"name": "ADV-2011-0061", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0061"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=577512"}, {"name": "oval:org.mitre.oval:def:7598", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7598"}, {"name": "20100914 New writeup by Amit Klein (Trusteer): \"Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1\"", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2010-09/0117.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3399", "datePublished": "2010-09-15T19:00:00", "dateReserved": "2010-09-15T00:00:00", "dateUpdated": "2024-08-07T03:11:43.426Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "BBB444FD-15F3-4447-9EA8-1669779A5749", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "F92E2EF3-A612-476F-9D31-1EEC240C7EA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "C8587BFD-417D-42BE-A5F8-22FDC68FA9E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "D7364FAB-EEE9-4064-A8AD-6547239F9AB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "4C50485F-BC7B-4B70-A47B-1712E2DBAC5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "51EE386B-0833-484E-A2AB-86B4470D4D45", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B7BC1684-3634-4585-B7E6-8C8777E1DA0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171."}, {"lang": "es", "value": "La funci\u00f3n js_InitRandom en la implementaci\u00f3n JavaScript de Mozilla Firefox v3.5.10 hasta v3.5.11, v3.6.4 hasta v3.6.8 y v4.0 Beta1 utiliza un puntero de contexto en en relaci\u00f3n con su puntero sucesor para utilizar como semilla de de un generador de n\u00fameros aleatorios, lo cual les facilita a los atacantes remotos adivinar el valor de la semilla a trav\u00e9s de un ataque de fuerza bruta, una vulneravilidad diferente de CVE-2010-3171."}], "id": "CVE-2010-3399", "lastModified": "2024-11-21T01:18:38.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-09-15T20:00:02.727", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2010-09/0117.html"}, {"source": "cve@mitre.org", "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/42867"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0061"}, {"source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=475585"}, {"source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=577512"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7598"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2010-09/0117.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42867"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0061"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=475585"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=577512"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7598"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}