nsHttpDigestAuth cnonce exposes rand() values
Similar concerns as #22919 (moved).
rand()
is used to calculate the cnonce
in https://searchfox.org/mozilla-esr68/rev/8a8a004bc8de67bab762f1dfcea7683ba81311ce/netwerk/protocol/http/nsHttpDigestAuth.cpp#300, which is sent to the server.
Even though it's only leaking some bits per rand()
call, it might still be possible to recover the seed (e.g. with something like https://github.com/Z3Prover/z3, or maybe easier, not sure). Depending on how often srand
is called this might be equivalent to a session id (per content process?). Well, the usual problems that guessing the seed of a global PRNG has.
I think we should investigate this, or just directly patch as I don't see many drawbacks of having secure random numbers here.