CVE-2010-3171

Mozilla Firefox <4.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3171. PoCs published by Amit Klein.

AI-analyzed exploit summary This exploit targets a cross-domain information-disclosure vulnerability in Mozilla Firefox by predicting the PRNG state. It uses a mathematical approach to reverse-engineer the internal state of the PRNG from a sample value obtained via a crafted HTML page.

Description

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Amit Klein · cremoteunix

https://www.exploit-db.com/exploits/34621

View Code ZIP pw:eip

This exploit targets a cross-domain information-disclosure vulnerability in Mozilla Firefox by predicting the PRNG state. It uses a mathematical approach to reverse-engineer the internal state of the PRNG from a sample value obtained via a crafted HTML page.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Mozilla Firefox 3.6.4-3.6.8

No auth needed

Prerequisites: Victim must visit a malicious webpage

MITRE ATT&CK