nsHttpDigestAuth cnonce exposes rand() values
Similar concerns as #22919 (moved).
rand() is used to calculate the cnonce in https://searchfox.org/mozilla-esr68/rev/8a8a004bc8de67bab762f1dfcea7683ba81311ce/netwerk/protocol/http/nsHttpDigestAuth.cpp#300, which is sent to the server. Even though it's only leaking some bits per rand() call, it might still be possible to recover the seed (e.g. with something like https://github.com/Z3Prover/z3, or maybe easier, not sure). Depending on how often srand is called, this might be equivalent to a session id (per content process?). Well, the usual problems that guessing the seed of a global PRNG has.
I think we should investigate this, or just directly patch as I don't see many drawbacks of having secure random numbers here.
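
An added illustration, not part of the original report and not the Firefox source: a 16-character hex cnonce built from the global rand() stream is fully determined by the seed, while one built from the OS CSPRNG is not. The function names, the `rand() % 16` mapping, the seed value and the use of /dev/urandom are assumptions made for this example.

```cpp
// Added example: illustrative only, not the nsHttpDigestAuth.cpp code.
#include <cstdio>
#include <cstdlib>
#include <stdexcept>
#include <string>

static const char kHex[] = "0123456789abcdef";

// Weak form (assumed mapping): every character exposes 4 bits of the
// process-global rand() stream, so the value is a function of the seed.
std::string WeakCnonce() {
  std::string out;
  for (int i = 0; i < 16; ++i) out += kHex[rand() % 16];
  return out;
}

// Hardened form: 8 bytes from the OS CSPRNG, hex-encoded to 16 characters.
// Assumes a POSIX system that provides /dev/urandom.
std::string SecureCnonce() {
  unsigned char buf[8];
  FILE* f = std::fopen("/dev/urandom", "rb");
  if (!f) throw std::runtime_error("CSPRNG unavailable");
  std::size_t n = std::fread(buf, 1, sizeof buf, f);
  std::fclose(f);
  if (n != sizeof buf) throw std::runtime_error("short read from CSPRNG");
  std::string out;
  for (unsigned char b : buf) {
    out += kHex[b >> 4];
    out += kHex[b & 0x0f];
  }
  return out;
}

// True when reseeding with the same (constructed) seed reproduces the same
// cnonce sequence, i.e. the values track the PRNG state across requests.
bool WeakSequenceRepeats(unsigned seed) {
  srand(seed);
  std::string a1 = WeakCnonce(), a2 = WeakCnonce();
  srand(seed);
  std::string b1 = WeakCnonce(), b2 = WeakCnonce();
  return a1 == b1 && a2 == b2;
}

int main() {
  std::printf("weak repeats under same seed: %d\n", WeakSequenceRepeats(12345u));
  std::printf("secure cnonce: %s\n", SecureCnonce().c_str());
  return 0;
}
```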