Mozilla Foundation Security Advisory 2010-33
Title: User tracking across sites using Math.random()
Announced: June 22, 2010
Reporter: Amit Klein
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.6.4, 3.6.9
Firefox 3.5.10, 3.5.12
Security researcher Amit Klein reported that it
was possible to reverse engineer the value used to
Math.random(). Since the pseudo-random number
generator was only seeded once per browsing session, this seed value
could be used as a unique token to identify and track users across
different web sites.
Update (October 27, 2010): After the Firefox 3.6.4 and Firefox 3.5.10 releases, Amit Klein reported that there was an additional unfixed case where user tracking could occur using the above-mentioned technique and a pop-up window or iframe that was subsequently navigated by the user. This additional variant is identified as CVE-2010-3171.