CVE-2015-0800

The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
≤ 36.0.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
lucid
ignored
precise
not-affected
trusty
dne
utopic
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
MozillaFirefox
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise desktop 15 SP1
60.6.2-3.32.1
fixed
suse enterprise desktop 15 SP2
68.8.0-3.87.1
fixed
suse enterprise desktop 15 SP3
78.10.0-8.38.1
fixed
suse enterprise desktop 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise desktop 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise desktop 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise desktop 15 SP7
128.9.0-150200.152.176.1
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise sap 15 SP1
60.6.2-3.32.1
fixed
suse enterprise sap 15 SP2
68.8.0-3.87.1
fixed
suse enterprise sap 15 SP3
78.10.0-8.38.1
fixed
suse enterprise sap 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise sap 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise sap 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise sap 15 SP7
128.9.0-150200.152.176.1
fixed
suse enterprise server 15
52.7.3-1.35
fixed
suse enterprise server 15 SP1
60.6.2-3.32.1
fixed
suse enterprise server 15 SP2
68.8.0-3.87.1
fixed
suse enterprise server 15 SP3
78.10.0-8.38.1
fixed
suse enterprise server 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise server 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise server 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise server 15 SP7
128.9.0-150200.152.176.1
fixed
MozillaFirefox-devel
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise desktop 15 SP1
60.6.2-3.32.1
fixed
suse enterprise desktop 15 SP2
68.8.0-3.87.1
fixed
suse enterprise desktop 15 SP3
78.10.0-8.38.1
fixed
suse enterprise desktop 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise desktop 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise desktop 15 SP6
102.12.0-150200.152.90.1
fixed
suse enterprise desktop 15 SP7
102.12.0-150200.152.90.1
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise sap 15 SP1
60.6.2-3.32.1
fixed
suse enterprise sap 15 SP2
68.8.0-3.87.1
fixed
suse enterprise sap 15 SP3
78.10.0-8.38.1
fixed
suse enterprise sap 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise sap 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise sap 15 SP6
102.12.0-150200.152.90.1
fixed
suse enterprise sap 15 SP7
102.12.0-150200.152.90.1
fixed
suse enterprise server 15
52.7.3-1.35
fixed
suse enterprise server 15 SP1
60.6.2-3.32.1
fixed
suse enterprise server 15 SP2
68.8.0-3.87.1
fixed
suse enterprise server 15 SP3
78.10.0-8.38.1
fixed
suse enterprise server 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise server 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise server 15 SP6
102.12.0-150200.152.90.1
fixed
suse enterprise server 15 SP7
102.12.0-150200.152.90.1
fixed
MozillaFirefox-translations-common
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise desktop 15 SP1
60.6.2-3.32.1
fixed
suse enterprise desktop 15 SP2
68.8.0-3.87.1
fixed
suse enterprise desktop 15 SP3
78.10.0-8.38.1
fixed
suse enterprise desktop 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise desktop 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise desktop 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise desktop 15 SP7
128.9.0-150200.152.176.1
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise sap 15 SP1
60.6.2-3.32.1
fixed
suse enterprise sap 15 SP2
68.8.0-3.87.1
fixed
suse enterprise sap 15 SP3
78.10.0-8.38.1
fixed
suse enterprise sap 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise sap 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise sap 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise sap 15 SP7
128.9.0-150200.152.176.1
fixed
suse enterprise server 15
52.7.3-1.35
fixed
suse enterprise server 15 SP1
60.6.2-3.32.1
fixed
suse enterprise server 15 SP2
68.8.0-3.87.1
fixed
suse enterprise server 15 SP3
78.10.0-8.38.1
fixed
suse enterprise server 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise server 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise server 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise server 15 SP7
128.9.0-150200.152.176.1
fixed
MozillaFirefox-translations-other
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise desktop 15 SP1
60.6.2-3.32.1
fixed
suse enterprise desktop 15 SP2
68.8.0-3.87.1
fixed
suse enterprise desktop 15 SP3
78.10.0-8.38.1
fixed
suse enterprise desktop 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise desktop 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise desktop 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise desktop 15 SP7
128.9.0-150200.152.176.1
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise sap 15 SP1
60.6.2-3.32.1
fixed
suse enterprise sap 15 SP2
68.8.0-3.87.1
fixed
suse enterprise sap 15 SP3
78.10.0-8.38.1
fixed
suse enterprise sap 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise sap 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise sap 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise sap 15 SP7
128.9.0-150200.152.176.1
fixed
suse enterprise server 15
52.7.3-1.35
fixed
suse enterprise server 15 SP1
60.6.2-3.32.1
fixed
suse enterprise server 15 SP2
68.8.0-3.87.1
fixed
suse enterprise server 15 SP3
78.10.0-8.38.1
fixed
suse enterprise server 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise server 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise server 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise server 15 SP7
128.9.0-150200.152.176.1
fixed
Common Weakness Enumeration
References
http://www.mozilla.org/security/announce/2015/mfsa2015-41.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1031996
https://bugzilla.mozilla.org/show_bug.cgi?id=1110212
http://www.mozilla.org/security/announce/2015/mfsa2015-41.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1031996
https://bugzilla.mozilla.org/show_bug.cgi?id=1110212