Vulnerability found in Mozilla VPN systems
Security researcher DoHyun Lee has found a vulnerability in Mozilla’s VPN software. Due to the vulnerability, a hacker who has access to a system could also gain system rights to completely take over a device.
The vulnerability discovered by researcher DoHyun Lee is that Mozilla VPN can load an OpenSSL configuration from an insecure directory. A malicious person could gain system privileges through this vulnerability. If a hacker would have limited rights and access to the system, he could already gain full control over a device due to the vulnerability.
The security researcher has reported the vulnerability to Mozilla. Mozilla immediately released a security update for the VPN. The vulnerability has been fixed with the update.
Mozilla is best known to most people for its widely used Firefox browser. Recently, the company also decided to launch a VPN. Mozilla currently still rents its server network from the renowned VPN provider Mullvad.
Mozilla still has a lot of improvement to make before their VPN service can compete with the better and more user-friendly VPN providers. Vulnerabilities like this also show that there is still work to be done.
For Mozilla VPN users, it is wise to update to Mozilla VPN 2.7.1 now, if this has not already been done automatically.
Catch up on more articles here
Follow us on Twitter here