CVE-2010-3400

Published: Sep 15, 2010Modified: Apr 29, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913.

Affected (57)

Products: Mozilla: Firefox, Seamonkey

Mozilla

2 products

Firefox

Seamonkey

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Version 3.5.1
Mozilla Firefox	Version 3.5.2
Mozilla Firefox	Version 3.5.3
Mozilla Firefox	Version 3.5.4
Mozilla Firefox	Version 3.5.5
Mozilla Firefox	Version 3.5.6
Mozilla Firefox	Version 3.5.7
Mozilla Firefox	Version 3.5.8
Mozilla Firefox	Version 3.5.9
Mozilla Firefox	Version 3.5

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Version 3.6.2
Mozilla Firefox	Version 3.6.3
Mozilla Firefox	Version 3.6

Configuration C

44 vulnerable

Vulnerable Software	Affected Versions
Mozilla Seamonkey	Up to 2.0.4
Mozilla Seamonkey	Version 1.0.1
Mozilla Seamonkey	Version 1.0.2
Mozilla Seamonkey	Version 1.0.3
Mozilla Seamonkey	Version 1.0.4
Mozilla Seamonkey	Version 1.0.5
Mozilla Seamonkey	Version 1.0.6
Mozilla Seamonkey	Version 1.0.7
Mozilla Seamonkey	Version 1.0.8
Mozilla Seamonkey	Version 1.0.9
Mozilla Seamonkey	Version 1.0
Mozilla Seamonkey	Version 1.0 alpha
Mozilla Seamonkey	Version 1.0 beta
Mozilla Seamonkey	Version 1.1.10
Mozilla Seamonkey	Version 1.1.11
Mozilla Seamonkey	Version 1.1.12
Mozilla Seamonkey	Version 1.1.13
Mozilla Seamonkey	Version 1.1.14
Mozilla Seamonkey	Version 1.1.15
Mozilla Seamonkey	Version 1.1.16
Mozilla Seamonkey	Version 1.1.17
Mozilla Seamonkey	Version 1.1.1
Mozilla Seamonkey	Version 1.1.2
Mozilla Seamonkey	Version 1.1.3
Mozilla Seamonkey	Version 1.1.4
Mozilla Seamonkey	Version 1.1.5
Mozilla Seamonkey	Version 1.1.6
Mozilla Seamonkey	Version 1.1.7
Mozilla Seamonkey	Version 1.1.8
Mozilla Seamonkey	Version 1.1.9
Mozilla Seamonkey	Version 1.1
Mozilla Seamonkey	Version 1.1 alpha
Mozilla Seamonkey	Version 1.1 beta
Mozilla Seamonkey	Version 2.0.1
Mozilla Seamonkey	Version 2.0.2
Mozilla Seamonkey	Version 2.0.3
Mozilla Seamonkey	Version 2.0
Mozilla Seamonkey	Version 2.0 alpha_1
Mozilla Seamonkey	Version 2.0 alpha_2
Mozilla Seamonkey	Version 2.0 alpha_3
Mozilla Seamonkey	Version 2.0 beta_1
Mozilla Seamonkey	Version 2.0 beta_2
Mozilla Seamonkey	Version 2.0 rc1
Mozilla Seamonkey	Version 2.0 rc2

Related CWEs

CWE-310

References (4)

https://bugzilla.mozilla.org/show_bug.cgi?id=475585

Source: cve@mitre.org

Patch

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7339

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=475585

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7339

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.