CVE-2015-0800

Published: Apr 1, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808.

Affected (1)

Products: Mozilla: Firefox

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 36.0.4

Running on/with	Platform Versions
Google Android	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://www.mozilla.org/security/announce/2015/mfsa2015-41.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

http://www.securitytracker.com/id/1031996

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1110212

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2015/mfsa2015-41.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1031996

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1110212

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.