Lucene search
MozillaCVE-2015-0800HistoryApr 01, 2015 - 10:59 a.m.
CVE-2015-0800
2015-04-0110:59:01
CWE-200
mozilla
web.nvd.nist.gov
41
cve-2015-0800
prng
dns resolver
mozilla firefox
fennec
android
remote attackers
spoofing
cve-2012-2808
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
8.9
Confidence
High
EPSS
0.003
Percentile
70.6%
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808.
Affected configurations
Node
mozillafirefoxRange≤36.0.4
googleandroid
Related
cvelist
cvelist
CVE-2012-2808
2015-04-01 10:00:00
CVE-2015-0800
2015-04-01 10:00:00
mozilla
mozilla
PRNG weakness allows for DNS poisoning on Android — Mozilla
2015-03-31 00:00:00
nvd
nvd
CVE-2015-0800
2015-04-01 10:59:01
CVE-2012-2808
2015-04-01 10:59:00
prion
prion
Design/Logic Flaw
2015-04-01 10:59:00
Design/Logic Flaw
2015-04-01 10:59:00
ubuntucve
ubuntucve
CVE-2015-0800
2015-04-01 00:00:00
cve
cve
CVE-2012-2808
2015-04-01 10:59:00
thn
thn
CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed
2012-07-24 23:19:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-03-31 00:00:00
nessus
nessus
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-04-08 00:00:00
symantec
symantec
SA117 : OpenSSL Vulnerabilities 1-Mar-2016
2016-03-07 08:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
8.9
Confidence
High
EPSS
0.003
Percentile
70.6%
Related for CVE-2015-0800