Mozilla VPN: Security Flaw Opens Door to Multiple Integrity Breaches
1 min read
Aug 21, 2023
A cybersecurity researcher from SUSE, a Linux distribution manufacturer, has made public a serious security flaw in the Mozilla VPN client for Linux.
Mozilla has been slow to correct it. Yet this vulnerability could enable malicious actors to commit a host of integrity violations.
In an article published on Openwall, Matthias Gerstner mentions a faulty authentication check in the Mozilla VPN Client v2.14.1.
This vulnerability was discovered when, as part of a standard procedure, SUSE engineers analyzed the Mozilla VPN client before adding it to openSUSE Tumbleweed, a Linux distribution.
The analysis showed that the VPN software “contains a privileged D-Bus service running as root and a Polkit policy”, which basically means that the D-Bus call will work for any user account, regardless of privileges.
Related Articles
1 - 0 min read
Spectre V2: A New Threat to Linux Systems
1 - 0 min read
Hacked VMs Reveal New Attack Risks
1 - 0 min read
Multiple Chromium DoS, Info Disclosure Vulns Fixed [Updated]
