{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2188?format=json","vulnerability_id":"VCID-k4zg-4qj2-r7eg","summary":"Security researcher Amit Klein reported that it\nwas possible to reverse engineer the value used to\nseed Math.random().  Since the pseudo-random number\ngenerator was only seeded once per browsing session, this seed value\ncould be used as a unique token to identify and track users across\ndifferent web sites.Update (October 27, 2010): After the Firefox 3.6.4\nand Firefox 3.5.10 releases, Amit Klein reported that there was an\nadditional unfixed case where user tracking could occur using the\nabove-mentioned technique and a pop-up window or iframe that was\nsubsequently navigated by the user.  This additional variant is\nidentified as CVE-2010-3171.","aliases":[{"alias":"CVE-2008-5913"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5913","reference_id":"CVE-2008-5913","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5913"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-33","reference_id":"mfsa2010-33","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-33"}],"weaknesses":[],"exploits":[],"severity_range_score":"0.1 - 3","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4zg-4qj2-r7eg"}