Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2022-0517

Source

Mozilla Foundation Security Advisory 2022-08

Mozilla VPN local privilege escalation vis uncontrolled OpenSSL search path

Announced

February 23, 2022

Impact

high

Products

Mozilla VPN

Fixed in

Mozilla VPN 2.7.1

#CVE-2022-0517: Local privilege escalation vis uncontrolled OpenSSL search path

Reporter: DoHyun Lee (@l33d0hyun) of DNSLab, Korea University
Impact: high

Description

Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege.

References

Bug 1752291

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Mozilla VPN local privilege escalation vis uncontrolled OpenSSL search path

Mozilla VPN local privilege escalation vis uncontrolled OpenSSL search path

#CVE-2022-0517: Local privilege escalation vis uncontrolled OpenSSL search path

Description

References

Vulmon Search

About

Products

Connect