Lucene search

[email protected]CVE-2015-0800

HistoryApr 01, 2015 - 10:59 a.m.

CVE-2015-0800

2015-04-0110:59:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-0800

prng

dns resolver

mozilla firefox

fennec

android

remote attackers

spoofing

cve-2012-2808

nvd

8.9 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.5%

JSON

The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle36.0.4

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	36.0.4

References

www.mozilla.org/security/announce/2015/mfsa2015-41.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securitytracker.com/id/1031996

bugzilla.mozilla.org/show_bug.cgi?id=1110212

8.9 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.5%

JSON

Related for CVE-2015-0800

prion2 ubuntucve1 cve1 cvelist2 mozilla1 thn1 nessus1 freebsd1 securityvulns1 symantec1