4 matches found
CVE-2020-15679
CVE-2020-15679 describes an OAuth session fixation vulnerability in Mozilla VPN’s login flow. Affected software includes Mozilla VPN iOS up to 1.0.7, Mozilla VPN Windows prior to 1.2.2, and Mozilla VPN Android up to 1.1.0. Root cause: vulnerability in the login process that allows an attacker (sh...
CVE-2023-4104
CVE-2023-4104 affects Mozilla VPN on Linux. The root cause is an invalid Polkit authentication check and missing authentication requirements for D-Bus methods, enabling any local user to configure arbitrary VPN setups. Impact is limited to Mozilla VPN on Linux; other OSes are unaffected. Mozilla ...
CVE-2022-0517
Mozilla VPN is affected by a local privilege escalation vulnerability where an OpenSSL configuration file can be loaded from an unsecured directory. This allows a user or low-privilege attacker to execute arbitrary code with SYSTEM privileges on affected builds prior to 2.7.1. Remediation is to u...
CVE-2025-5687
Summary: CVE-2025-5687 affects Mozilla VPN on macOS and allows privilege escalation from a normal user to root. The issue is limited to macOS builds of Mozilla VPN; other OSes are unaffected. Affected product/version: Mozilla VPN on macOS, specifically versions prior to 2.28.0 (macOS). Root cause...