CVE-2009-1696

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.

Published: Jun 10, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-1696
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
apple / safari	1.1	1.1.x
apple / safari	1.3.1	1.3.1.x
apple / safari	3.2.3	3.2.3.x
apple / safari	2.0.2	2.0.2.x
apple / safari	3.1	3.1.x
apple / safari	3.1.2	3.1.2.x
apple / safari	3.0	3.0.x
apple / safari	0.8	0.8.x
apple / safari	2.0	2.0.x
apple / safari	3.0.4	3.0.4.x
apple / safari	0.9	0.9.x
apple / safari	3.0.3	3.0.3.x
apple / safari	1.3.2	1.3.2.x
apple / safari	1.2	1.2.x
apple / safari	-	4.0_beta.x
apple / safari	3.2.1	3.2.1.x
apple / safari	3.0.2	3.0.2.x
apple / safari	2.0.4	2.0.4.x
apple / safari	3.1.1	3.1.1.x
apple / safari	1.0.3	1.0.3.x
apple / safari	1.0	1.0.x
apple / safari	1.3	1.3.x
apple / safari	3.2	3.2.x
apple / safari	3.0.1	3.0.1.x
apple / safari	-	3.2.3.x
apple / safari	3.2.2	3.2.2.x

Vulnerability Database

289,784

CVE-2009-1696