<--

Firefox for Android Profile Directory Name Weak Randomization

Aleph Research Advisory

Identifier

Severity

Moderate

Product

Firefox for Android

Technical Details

GeckoProfile.saltProfileName, which generates the Firefox Profile directory name, uses Math.random() which is cryptographically insecure - its seed relies on the ‘innerRandom’ object creation time (in ms precision) and its VA. Both factors are not random. The creation time can be leaked by an adversary and the VA lacks randomness due to ineffective ASLR in the Dalvik VM process. Since the Dalvik VM is forked from the Zygote process, the VA of the Dalvik Heap is the same for all Android Dalvik applications. To conclude, the seed is not random, thus the profile directory name entropy is far from the ideal \(41.36\) random bits (\(\log 368\)) and can be predicted by the adversary.

Timeline

Credit

External References