Predictable Math.random() in browsers

[Florian Weimer <fw () deneb enyo de>]

<http://www.trusteer.com/temporary-user-tracking-in-major-browsers>
describes what essentially is a weakness in Math.random()---it's
predictable and its state is shared across domains.

Contrary to the report, I'm more worried about the general
consequences of weak random numbers.  Browsers should probably use a
stronger PRNG which doesn't leak its state, so that the shared state
doesn't matter.