Mozilla

Vpn

4 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2025-5687

  • EPSS 0.02%
  • Published 11.06.2025 12:07:49
  • Last modified 02.07.2025 16:09:01

A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.28.0 < (macOS).

5.5

CVE-2023-4104

Exploit
  • EPSS 0.1%
  • Published 11.09.2023 09:15:08
  • Last modified 03.07.2025 14:15:25

An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vuln...

7.8

CVE-2022-0517

  • EPSS 0.12%
  • Published 22.12.2022 20:15:12
  • Last modified 16.04.2025 16:15:19

Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1.

7.6

CVE-2020-15679

  • EPSS 0.4%
  • Published 22.12.2022 20:15:10
  • Last modified 16.04.2025 16:15:17

An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where att...