CVE-2010-3804

Apple Safari < 5.0.3 - Weak Random Number Generation in JavaScript Implementation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-3804. PoCs published by Amit Klein.

AI-analyzed exploit summary This exploit demonstrates a weakness in WebKit's random-number generator by calculating the PRNG seed and mileage in Safari 5.0 for Windows. It allows tracking user sessions by predicting random values generated by the browser.

Description

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Amit Klein · htmlremotewindows

https://www.exploit-db.com/exploits/35006

View Code ZIP pw:eip

This exploit demonstrates a weakness in WebKit's random-number generator by calculating the PRNG seed and mileage in Safari 5.0 for Windows. It allows tracking user sessions by predicting random values generated by the browser.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Safari 5.0 (Windows)

No auth needed

Prerequisites: User must visit a malicious webpage

MITRE ATT&CK

T1589 - Gather Victim Identity Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Amit Klein · htmlremotewindows

https://www.exploit-db.com/exploits/35005

View Code ZIP pw:eip

This exploit demonstrates a weakness in WebKit's random-number generator by predicting Math.random() values. It tracks PRNG state and reseed events, allowing session tracking and potential information leakage.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: WebKit (affecting Safari and other browsers using WebKit)

No auth needed

Prerequisites: Victim must visit a malicious webpage

MITRE ATT&CK

T1589 - Gather Victim Identity Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/43068

Patch, Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT4455

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0212

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/3046

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/63347

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Vendor Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42314

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11495

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT4456

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Scores

EPSS 0.0913

EPSS Percentile 94.6%

Details

CWE

CWE-310

Status published

Products (40)

apple/safari 5.0

apple/safari 5.0.1

apple/safari 1.0 (3 CPE variants)

apple/safari 1.0.0

apple/safari 1.0.0b1

apple/safari 1.0.0b2

apple/safari 1.0.1

apple/safari 1.0.2

apple/safari 1.0.3 (3 CPE variants)

apple/safari 1.1

... and 30 more

Published Nov 22, 2010

Tracked Since Feb 18, 2026