QwikSec

Security Database

CVE

CWE

Training

CVE-2014-1516

Published: Mar 29, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted application.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.slideshare.net/ibmsecurity/overtaking-firefox-profiles-vulnerabilities-in-firefox-for-android

x_refsource_MISC

20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)

mailing-list

x_refsource_BUGTRAQ

http://securityintelligence.com/vulnerabilities-firefox-android-overtaking-firefox-profiles/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.