Home

CVE-2010-3399

Description

The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171.

Risk Information

Base Score
7.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.635

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Mozilla Firefox (x64) 4.0Windows
Multiple vulnerabilities affected in Mozilla_Firefox 4.0Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 3.5.10Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 3.5.11Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 3.6.4Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 3.6.6Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 3.6.7Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 3.6.8Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 4.0Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 3.5.10Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 3.5.11Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 3.6.4Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 3.6.6Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 3.6.7Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 3.6.8Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 4.0Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343016Mozilla Firefox (x64) (132.0.2)
PATCH-343015Mozilla Firefox (132.0.2)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234