CVE-2025-5687
- EPSS 0.02%
- Veröffentlicht 11.06.2025 12:07:49
- Zuletzt bearbeitet 02.07.2025 16:09:01
A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.28.0 < (macOS).
CVE-2023-4104
- EPSS 0.1%
- Veröffentlicht 11.09.2023 09:15:08
- Zuletzt bearbeitet 03.07.2025 14:15:25
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vuln...
CVE-2022-0517
- EPSS 0.12%
- Veröffentlicht 22.12.2022 20:15:12
- Zuletzt bearbeitet 16.04.2025 16:15:19
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1.
CVE-2020-15679
- EPSS 0.4%
- Veröffentlicht 22.12.2022 20:15:10
- Zuletzt bearbeitet 16.04.2025 16:15:17
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where att...