Firefox for Android Profile Directory Name Weak Randomization

Aleph Research Advisory





Firefox for Android

Technical Details

GeckoProfile.saltProfileName, which generates the Firefox Profile directory name, uses Math.random() which is cryptographically insecure - its seed relies on the ‘innerRandom’ object creation time (in ms precision) and its VA. Both factors are not random. The creation time can be leaked by an adversary and the VA lacks randomness due to ineffective ASLR in the Dalvik VM process. Since the Dalvik VM is forked from the Zygote process, the VA of the Dalvik Heap is the same for all Android Dalvik applications. To conclude, the seed is not random, thus the profile directory name entropy is far from the ideal \(41.36\) random bits (\(\log 368\)) and can be predicted by the adversary.



External References