The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted application.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2014-03-29T20:00:00

Updated: 2024-08-06T09:42:36.134Z

Reserved: 2014-01-16T00:00:00

Link: CVE-2014-1516

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-03-29T20:55:04.123

Modified: 2024-11-21T02:04:27.660

Link: CVE-2014-1516

cve-icon Redhat

No data.