VYPR
Unrated severityNVD Advisory· Published Sep 15, 2010· Updated Jun 16, 2026

CVE-2010-3171

CVE-2010-3171

Description

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*
    • (no CPE)range: >=3.5.10, <=3.5.11; >=3.6.4, <=3.6.8; =4.0 Beta1

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.