Weak Seeding of Math.random in Mozilla Firefox for Android Allows Profile Bypass

Weak Seeding of Math.random in Mozilla Firefox for Android Allows Profile Bypass

CVE-2014-1516 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted application.

Learn more about our Cis Benchmark Audit For Google Android.