New writeup by Amit Klein (Trusteer): "Cross-domain information
Hi list
I would like to announce a new writeup, titled "Cross-domain=20
information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11=20
and Firefox 4.0 Beta1".
The writeup is available in the following URL:
http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakag=
e_in_FF_3.6.4-3.6.8.pdf
Abstract:
While Mozilla attempted to address the issues of cross domain=20
information leakage (through Math.random) in Firefox 3.6.4, Firefox=20
3.5.10 and Firefox 4.0 Beta-1, there is still a security=20
vulnerability in the way the isolation is implemented, which enables=20
cross domain leakage. In fact, it may make it easier to attack=20
Firefox in some cases, compared to previous versions.
Additionally, a concerned is raised on the entropy provided in the=20
seed to the Math.random PRNG, which may enable more powerful attacks.
This isolation issue was fixed in Firefox 3.6.9, 3.5.12 and 4.0 Beta2.
This issue has been assigned a CVE code CVE-2010-3171.
Thanks,
-Amit
Amit Klein, CTO, Trusteer