Mozilla Vpn
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Mozilla Vpn.
Recent Mozilla Vpn Security Advisories
| Advisory | Title | Published |
|---|---|---|
| mfsa2025-48 | Security Issue fixed in Mozilla VPN for macOS v2.28.0 mfsa2025-48 | May 30, 2025 |
| mfsa2023-39 | Security Issues in Mozilla VPN for Linux prior to v2.16.1 mfsa2023-39 | August 30, 2023 |
| mfsa2022-08 | Mozilla VPN local privilege escalation vis uncontrolled OpenSSL search path mfsa2022-08 | February 23, 2022 |
| mfsa2021-31 | Multiple Low Security Issues in Mozilla VPN mfsa2021-31 | July 14, 2021 |
| mfsa2020-48 | OAuth session fixation vulnerability in Mozilla VPN mfsa2020-48 | November 4, 2020 |
By the Year
In 2026 there have been 0 vulnerabilities in Mozilla Vpn. Last year, in 2025 Vpn had 1 security vulnerability published. Right now, Vpn is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 5.50 |
| 2022 | 2 | 7.70 |
It may take a day or so for new Vpn vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Mozilla Vpn Security Vulnerabilities
Mozilla VPN <2.28.0 macOS PE Vulnerability
CVE-2025-5687
- June 11, 2025
A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.28.0 < (macOS).
Local User VPN Configuration via Polkit Auth Skip in Mozilla VPN <2.16.1 (Linux)
CVE-2023-4104
5.5 - Medium
- September 11, 2023
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.16.1 < (Linux).
AuthZ
Mozilla VPN <2.7.1 insecure OpenSSL config for SYSTEM privilege escalation
CVE-2022-0517
7.8 - High
- December 22, 2022
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1.
Unrestricted File Upload
Mozilla VPN OAuth Session Fix (iOS<1.0.7, Win<1.2.2, Android<1.1.0)
CVE-2020-15679
7.6 - High
- December 22, 2022
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP and could allow the ability to view session states and disconnect VPN sessions. This vulnerability affects Mozilla VPN iOS 1.0.7 < (929), Mozilla VPN Windows < 1.2.2, and Mozilla VPN Android 1.1.0 < (1360).
Session Fixation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Mozilla Vpn or by Mozilla? Click the Watch button to subscribe.
