Lucene search
K

4 matches found

CVE
CVE
added 2022/12/22 12:0 a.m.218 views

CVE-2020-15679

CVE-2020-15679 describes an OAuth session fixation vulnerability in Mozilla VPN’s login flow. Affected software includes Mozilla VPN iOS up to 1.0.7, Mozilla VPN Windows prior to 1.2.2, and Mozilla VPN Android up to 1.1.0. Root cause: vulnerability in the login process that allows an attacker (sh...

7.6CVSS6.7AI score0.00469EPSS
CVE
CVE
added 2023/09/11 8:2 a.m.130 views

CVE-2023-4104

CVE-2023-4104 affects Mozilla VPN on Linux. The root cause is an invalid Polkit authentication check and missing authentication requirements for D-Bus methods, enabling any local user to configure arbitrary VPN setups. Impact is limited to Mozilla VPN on Linux; other OSes are unaffected. Mozilla ...

5.5CVSS5.4AI score0.00353EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.66 views

CVE-2022-0517

Mozilla VPN is affected by a local privilege escalation vulnerability where an OpenSSL configuration file can be loaded from an unsecured directory. This allows a user or low-privilege attacker to execute arbitrary code with SYSTEM privileges on affected builds prior to 2.7.1. Remediation is to u...

7.8CVSS7.5AI score0.00185EPSS
CVE
CVE
added 2025/06/11 12:7 p.m.55 views

CVE-2025-5687

Summary: CVE-2025-5687 affects Mozilla VPN on macOS and allows privilege escalation from a normal user to root. The issue is limited to macOS builds of Mozilla VPN; other OSes are unaffected. Affected product/version: Mozilla VPN on macOS, specifically versions prior to 2.28.0 (macOS). Root cause...

7.8CVSS5.8AI score0.00113EPSS