CVE-2014-1516Mozilla Firefox vulnerability

CWE-2643 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 64.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedMar 29
Latest updateMay 17

Description

The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted application.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/firefox28.0.1

🔴Vulnerability Details

1
GHSA
GHSA-q7vj-643r-959g: The saltProfileName function in base/GeckoProfileDirectories2022-05-17

💬Community

1
Bugzilla
Security vulnerability: Weak randomness of profile directories2013-11-28