PT-2015-4884 · Mozilla · Firefox

Bagder

Publicado

2015-04-01

Atualizado

2024-12-12

CVE-2015-0800

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Firefox (aka Fennec) versions prior to 37.0 on Android

Description The issue is related to the PRNG implementation in the DNS resolver, which does not generate random numbers correctly for query ID values and UDP source ports. This makes it easier for remote attackers to spoof DNS responses by guessing these numbers.

Recommendations For Mozilla Firefox (aka Fennec) versions prior to 37.0 on Android, update to version 37.0 or later to resolve the issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2015-0800

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

Produtos afetados

Firefox

PT-2015-4884 · Mozilla · Firefox

CVE-2015-0800

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2062