Mozilla Foundation Security Advisory 2010-33
Title: User tracking across sites using Math.random()
Impact: Low
Announced: June 22, 2010
Reporter: Amit Klein
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.6.4
Firefox 3.5.10
SeaMonkey 2.0.5
Description
Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random(). Since the pseudo-random number generator was only seeded once per browsing session, this seed value could be used as a unique token to identify and track users across different web sites.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=475585
* CVE-2008-5913