5 matches found
CVE-2014-1516
The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted applicatio...
CVE-2014-1516
CVE-2014-1516 affects Mozilla Firefox for Android (up to version 28.0.1) where the saltProfileName in GeckoProfileDirectories.java relies on Android’s weak Math.random seeding, enabling a crafted application to bypass the profile-randomization protection. The vulnerability arises from weak random...
Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)
Hi, We have recently discovered a series of vulnerabilities in Firefox for Android that allows a malicious application to successfully derandomize the Firefox profile directory name in a practical amount of time and then leak sensitive data such as cookies and cached information which reside in...
Multiple Vulnerabilities in Firefox for Android Leak Sensitive Information
The Android operating system has hardened its security with application Sandboxing features to ensure that no application can access sensitive information held by another without proper privileges. Android applications communicate with each other through Intents and these intents can be abused by...
Mozilla Firefox for Android < 28.0.1 Multiple Vulnerabilities
Binary data 8175.prm...