Vulnerability Report

CVE-2010-3804

Title: Apple Webkit Cryptographic Failures

Other

Proof Of Concept

PoC Available for CVE-2010-3804

CWE Category CWE-310
Published Date Nov 22, 2010
Modified Date Jun 16, 2026
Exploit Status Available
Score 5.0 CVSS v2.0
Exploit Probability (EPSS)
9.13%

Vulnerability Summary

CVE-2010-3804: The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.

Impacted Vendors

W
webkit 1
A
apple 2

Reference Links

http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 https://exchange.xforce.ibmcloud.com/vulnerabilities/63347 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11495 http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 https://exchange.xforce.ibmcloud.com/vulnerabilities/63347 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11495
CVSS v2.0
Source Entity [email protected]
Severity MEDIUM
5.0
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:L/Au:N/C:P/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2010-3804 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/35005
View Code
Exploit-DB https://www.exploit-db.com/exploits/35006
View Code
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected Stack

No specific products linked.