PT-2015-4884 · Mozilla · Firefox

Bagder

Published

2015-04-01

Updated

2024-12-12

CVE-2015-0800

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Firefox (aka Fennec) versions prior to 37.0 on Android

Description The issue is related to the PRNG implementation in the DNS resolver, which does not generate random numbers correctly for query ID values and UDP source ports. This makes it easier for remote attackers to spoof DNS responses by guessing these numbers.

Recommendations For Mozilla Firefox (aka Fennec) versions prior to 37.0 on Android, update to version 37.0 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-0800

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

Affected Products

Firefox

PT-2015-4884 · Mozilla · Firefox

CVE-2015-0800

Weakness Enumeration

Related Identifiers

Affected Products

References · 2062