Vulnerabilities > Mozilla > VPN
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-11 | CVE-2023-4104 | Missing Authorization vulnerability in Mozilla VPN 2.16.0 An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. | 5.5 |
| 2022-12-22 | CVE-2020-15679 | Session Fixation vulnerability in Mozilla VPN 1.0.7/1.1.0 An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. | 7.6 |
| 2022-12-22 | CVE-2022-0517 | Unrestricted Upload of File with Dangerous Type vulnerability in Mozilla VPN Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. | 7.8 |