// For flags

CVE-2008-5913

mozilla: in-session phishing attack

Severity Score

4.9
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."

La función Math.random en la implementación de JavaScript en Mozilla Firefox versiones 3.5.x anteriores a 3.5.10 y versiones 3.6.x anteriores a 3.6.4, y SeaMonkey anterior a versión 2.0.5, usa un generador de números aleatorios que es insertado sólo una vez por sesión de navegador, lo que facilita a los atacantes remotos rastrear a un usuario, o engañar a un usuario para que actúe en base a un mensaje emergente falsificado, calculando el valor seed, en relación a una "temporary footprint" y un "in-session phishing attack."

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
None
Attack Vector
Network
Attack Complexity
High
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-01-20 CVE Reserved
  • 2009-01-20 CVE Published
  • 2023-03-10 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (27)
URL Tag Source
http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html X_refsource_misc
http://secunia.com/advisories/40326 Third Party Advisory
http://secunia.com/advisories/40401 Third Party Advisory
http://secunia.com/advisories/40481 Third Party Advisory
http://support.avaya.com/css/P8/documents/100091069 X_refsource_confirm
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161 X_refsource_misc
http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.html X_refsource_misc
http://www.mozilla.org/security/announce/2010/mfsa2010-33.html X_refsource_confirm
http://www.securityfocus.com/bid/33276 Vdb Entry
http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf X_refsource_misc
http://www.vupen.com/english/advisories/2010/1551 Vdb Entry
http://www.vupen.com/english/advisories/2010/1557 Vdb Entry
http://www.vupen.com/english/advisories/2010/1592 Vdb Entry
http://www.vupen.com/english/advisories/2010/1640 Vdb Entry
http://www.vupen.com/english/advisories/2010/1773 Vdb Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=475585 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11139 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html 2017-09-29
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html 2017-09-29
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html 2017-09-29
http://ubuntu.com/usn/usn-930-1 2017-09-29
http://www.mandriva.com/security/advisories?name=MDVSA-2010:125 2017-09-29
http://www.redhat.com/support/errata/RHSA-2010-0500.html 2017-09-29
http://www.redhat.com/support/errata/RHSA-2010-0501.html 2017-09-29
http://www.ubuntu.com/usn/usn-930-2 2017-09-29
https://access.redhat.com/security/cve/CVE-2008-5913 2010-06-22
https://bugzilla.redhat.com/show_bug.cgi?id=480938 2010-06-22
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.5
Search vendor "Mozilla" for product "Firefox" and version "3.5"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.5.1
Search vendor "Mozilla" for product "Firefox" and version "3.5.1"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.5.2
Search vendor "Mozilla" for product "Firefox" and version "3.5.2"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.5.3
Search vendor "Mozilla" for product "Firefox" and version "3.5.3"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.5.4
Search vendor "Mozilla" for product "Firefox" and version "3.5.4"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.5.5
Search vendor "Mozilla" for product "Firefox" and version "3.5.5"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.5.6
Search vendor "Mozilla" for product "Firefox" and version "3.5.6"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.5.7
Search vendor "Mozilla" for product "Firefox" and version "3.5.7"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.5.8
Search vendor "Mozilla" for product "Firefox" and version "3.5.8"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.5.9
Search vendor "Mozilla" for product "Firefox" and version "3.5.9"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.6
Search vendor "Mozilla" for product "Firefox" and version "3.6"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.6.2
Search vendor "Mozilla" for product "Firefox" and version "3.6.2"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.6.3
Search vendor "Mozilla" for product "Firefox" and version "3.6.3"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.6.4
Search vendor "Mozilla" for product "Firefox" and version "3.6.4"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 <= 2.0.4
Search vendor "Mozilla" for product "Seamonkey" and version " <= 2.0.4"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.0
Search vendor "Mozilla" for product "Seamonkey" and version "1.0"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.0
Search vendor "Mozilla" for product "Seamonkey" and version "1.0"
alpha
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.0
Search vendor "Mozilla" for product "Seamonkey" and version "1.0"
beta
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.0.1
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.1"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.0.2
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.2"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.0.3
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.3"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.0.4
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.4"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.0.5
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.5"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.0.6
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.6"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.0.7
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.7"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.0.8
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.8"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.0.9
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.9"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1
Search vendor "Mozilla" for product "Seamonkey" and version "1.1"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1
Search vendor "Mozilla" for product "Seamonkey" and version "1.1"
alpha
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1
Search vendor "Mozilla" for product "Seamonkey" and version "1.1"
beta
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.1
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.1"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.2
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.2"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.3
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.3"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.4
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.4"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.5
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.5"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.6
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.6"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.7
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.7"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.8
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.8"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.9
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.9"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.10
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.10"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.11
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.11"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.12
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.12"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.13
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.13"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.14
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.14"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.15
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.15"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.16
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.16"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 1.1.17
Search vendor "Mozilla" for product "Seamonkey" and version "1.1.17"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 2.0
Search vendor "Mozilla" for product "Seamonkey" and version "2.0"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 2.0
Search vendor "Mozilla" for product "Seamonkey" and version "2.0"
alpha_1
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 2.0
Search vendor "Mozilla" for product "Seamonkey" and version "2.0"
alpha_2
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 2.0
Search vendor "Mozilla" for product "Seamonkey" and version "2.0"
alpha_3
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 2.0
Search vendor "Mozilla" for product "Seamonkey" and version "2.0"
beta_1
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 2.0
Search vendor "Mozilla" for product "Seamonkey" and version "2.0"
beta_2
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 2.0
Search vendor "Mozilla" for product "Seamonkey" and version "2.0"
rc1
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 2.0
Search vendor "Mozilla" for product "Seamonkey" and version "2.0"
rc2
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 2.0.1
Search vendor "Mozilla" for product "Seamonkey" and version "2.0.1"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 2.0.2
Search vendor "Mozilla" for product "Seamonkey" and version "2.0.2"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 2.0.3
Search vendor "Mozilla" for product "Seamonkey" and version "2.0.3"
-
Affected