Mozilla Vpn
Recent Mozilla Vpn Security Advisories
| Advisory | Title | Published |
|---|---|---|
| mfsa2023-39 | Security Issues in Mozilla VPN for Linux prior to v2.16.1 mfsa2023-39 | August 30, 2023 |
| mfsa2022-08 | Mozilla VPN local privilege escalation vis uncontrolled OpenSSL search path mfsa2022-08 | February 23, 2022 |
| mfsa2021-31 | Multiple Low Security Issues in Mozilla VPN mfsa2021-31 | July 14, 2021 |
| mfsa2020-48 | OAuth session fixation vulnerability in Mozilla VPN mfsa2020-48 | November 4, 2020 |
By the Year
In 2024 there have been 0 vulnerabilities in Mozilla Vpn . Last year Vpn had 1 security vulnerability published. Right now, Vpn is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 5.50 |
| 2022 | 2 | 7.70 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Vpn vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Mozilla Vpn Security Vulnerabilities
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods
CVE-2023-4104
5.5 - Medium
- September 11, 2023
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1.
AuthZ
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory
CVE-2022-0517
7.8 - High
- December 22, 2022
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1.
Unrestricted File Upload
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via
CVE-2020-15679
7.6 - High
- December 22, 2022
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP and could allow the ability to view session states and disconnect VPN sessions. This vulnerability affects Mozilla VPN iOS 1.0.7 < (929), Mozilla VPN Windows < 1.2.2, and Mozilla VPN Android 1.1.0 < (1360).
Session Fixation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Mozilla Vpn or by Mozilla? Click the Watch button to subscribe.
