1. Home
  2. CVE Database
  3. CVE-2010-3399
MEDIUM · 5.8

CVE-2010-3399

The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointe...

Vulnerability Description

The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171.

CVSS Score

5.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:N
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
MozillaFirefox3.5.10

Related Weaknesses (CWE)

CWE-310

References

FAQ

What is CVE-2010-3399?

CVE-2010-3399 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointe...

How severe is CVE-2010-3399?

CVE-2010-3399 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-3399?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.