Lucene search
MozillaCVE-2014-1516HistoryMar 29, 2014 - 8:55 p.m.
CVE-2014-1516
2014-03-2920:55:04
CWE-264
mozilla
web.nvd.nist.gov
27
mozilla
firefox
android
cve-2014-1516
security
weak randomization
attack
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.001
Percentile
48.7%
The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android’s weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted application.
Affected configurations
Node
mozillafirefoxRange≤28.0.1
googleandroid
Related
cvelist
cvelist
CVE-2014-1516
2014-03-29 20:00:00
prion
prion
Design/Logic Flaw
2014-03-29 20:55:00
nvd
nvd
CVE-2014-1516
2014-03-29 20:55:04
nessus
nessus
Mozilla Firefox for Android < 28.0.1 Multiple Vulnerabilities
2014-03-26 00:00:00
thn
thn
Multiple Vulnerabilities in Firefox for Android Leak Sensitive Information
2014-03-26 22:00:00
securityvulns
securityvulns
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.001
Percentile
48.7%
Related for CVE-2014-1516