Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Firefox for Android < 37.0 DNS Cache Poisoning

Medium

Synopsis

The remote Android host was detected using an outdated version of Mozilla Firefox which is vulnerable to DNS cache poisoning attacks.

Description

Versions of Mozilla Firefox for Android earlier than 37.0 are affected by a flaw in 'android/res_init.c' within the Fennec name resolver that is due to insufficient entropy in the pseudo-random number generator (PRNG). This may allow a context-dependent attacker to conduct a DNS cache poisoning attack.

Solution

Upgrade to Mozilla Firefox 37.0 or later from the Google Play app store.