Lucene search
Mozilla FoundationMFSA2015-41HistoryMar 31, 2015 - 12:00 a.m.
PRNG weakness allows for DNS poisoning on Android — Mozilla
2015-03-3100:00:00
Mozilla Foundation
www.mozilla.org
28
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.003
Percentile
70.6%
Mozilla developer Daniel Stenberg reported that the DNS resolver in Firefox for Android uses an insufficiently random algorithm when generating random numbers for the unique identifier. This was derived from an old version of the Bionic libc library and suffered from insufficient randomness in the pseudo-random number generator (PRNG) as described by Roee Hay and Roi Saltzman.
Affected configurations
Node
mozillafirefoxRange<37
Related
ubuntucve
ubuntucve
CVE-2015-0800
2015-04-01 00:00:00
prion
prion
Design/Logic Flaw
2015-04-01 10:59:00
Design/Logic Flaw
2015-04-01 10:59:00
cve
cve
CVE-2012-2808
2015-04-01 10:59:00
CVE-2015-0800
2015-04-01 10:59:01
cvelist
cvelist
CVE-2012-2808
2015-04-01 10:00:00
CVE-2015-0800
2015-04-01 10:00:00
nvd
nvd
CVE-2012-2808
2015-04-01 10:59:00
CVE-2015-0800
2015-04-01 10:59:01
thn
thn
CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed
2012-07-24 23:19:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-03-31 00:00:00
nessus
nessus
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-04-08 00:00:00
symantec
symantec
SA117 : OpenSSL Vulnerabilities 1-Mar-2016
2016-03-07 08:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.003
Percentile
70.6%
Related for MFSA2015-41