Vulnerability Description
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 36.0.4 |
| Android | All versions |
Related Weaknesses (CWE)
References
- http://www.mozilla.org/security/announce/2015/mfsa2015-41.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1031996
- https://bugzilla.mozilla.org/show_bug.cgi?id=1110212
- http://www.mozilla.org/security/announce/2015/mfsa2015-41.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1031996
- https://bugzilla.mozilla.org/show_bug.cgi?id=1110212
FAQ
What is CVE-2015-0800?
CVE-2015-0800 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it ea...
How severe is CVE-2015-0800?
CVE-2015-0800 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0800?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Google Android.