Mozilla Foundation Security Advisory 2023-39
Security Issues in Mozilla VPN for Linux prior to v2.16.1
- Announced
- August 30, 2023
- Impact
- moderate
- Products
- Mozilla VPN client for Linux in
- Fixed in
-
- Mozilla VPN client for Linux in v2.16.1
- Reporter
- Matthias Gerstner
- Impact
- moderate
Description
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups.
This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.
References