PT-2014-4216 · Mozilla · Firefox
Published: 2014-03-29 · Updated: 2014-03-31
CVE-2014-1516
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions through 28.0.1
Description
The saltProfileName function in base/GeckoProfileDirectories.java relies on Android's weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted application.
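The weakness class described above, shown as an added example that is not Mozilla's code and not part of this advisory: a salt drawn from a generator whose seed can be guessed is reproducible, while one drawn from SecureRandom is not. The class and method names, the 8-character lowercase-alphanumeric salt format and the seed value are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Random;

public class ProfileSaltDemo {
    // Assumed salt format for illustration; not taken from the advisory.
    private static final String ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789";
    private static final int SALT_LENGTH = 8;

    // Draws SALT_LENGTH characters from ALPHABET using the supplied generator.
    static String salt(Random rng) {
        StringBuilder sb = new StringBuilder(SALT_LENGTH);
        for (int i = 0; i < SALT_LENGTH; i++) {
            sb.append(ALPHABET.charAt(rng.nextInt(ALPHABET.length())));
        }
        return sb.toString();
    }

    // Weak pattern: the salt is a pure function of the seed, so the name is
    // only as unpredictable as the seed itself.
    static String weakProfileName(long seed, String name) {
        return salt(new Random(seed)) + "." + name;
    }

    // Hardened pattern: SecureRandom is seeded from the OS entropy source,
    // so there is no small seed space that determines the output.
    static String hardenedProfileName(String name) {
        return salt(new SecureRandom()) + "." + name;
    }

    public static void main(String[] args) {
        long constructedSeed = 1396051200000L; // constructed sample value
        String first = weakProfileName(constructedSeed, "default");
        String second = weakProfileName(constructedSeed, "default");
        System.out.println("weak, run 1:      " + first);
        System.out.println("weak, run 2:      " + second);
        System.out.println("weak runs match:  " + first.equals(second));

        String h1 = hardenedProfileName("default");
        String h2 = hardenedProfileName("default");
        System.out.println("hardened, run 1:  " + h1);
        System.out.println("hardened, run 2:  " + h2);
        System.out.println("hardened match:   " + h1.equals(h2));

        // Nominal size of the salt space, reachable only if the generator is unpredictable.
        double bits = SALT_LENGTH * (Math.log(ALPHABET.length()) / Math.log(2));
        System.out.printf("nominal salt space: %.1f bits%n", bits);
    }
}
```

The two weak runs always produce the same name because the output depends only on the seed; the effective strength of such a salt is the entropy of the seed, not the nominal size of the salt space.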
Recommendations
For versions through 28.0.1, update to a version that addresses this issue to prevent attackers from bypassing the profile-randomization protection mechanism.
Affected Products
Firefox