Lucene search

K
cve[email protected]CVE-2015-0800
HistoryApr 01, 2015 - 10:59 a.m.

CVE-2015-0800

2015-04-0110:59:00
CWE-200
web.nvd.nist.gov
32
cve-2015-0800
prng
dns resolver
mozilla firefox
fennec
android
remote attackers
spoofing
cve-2012-2808
nvd

8.9 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.5%

The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle36.0.4

8.9 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.5%