Mozilla VPN: Security Flaw Opens Door to Multiple Integrity Breaches
A cybersecurity researcher from SUSE, a Linux distribution manufacturer, has made public a serious security flaw in the Mozilla VPN client for Linux.
Mozilla has been slow to correct it. Yet this vulnerability could enable malicious actors to commit a host of integrity violations.
In an article published on Openwall, Matthias Gerstner mentions a faulty authentication check in the Mozilla VPN Client v2.14.1.
This vulnerability was discovered when, as part of a standard procedure, SUSE engineers analyzed the Mozilla VPN client before adding it to openSUSE Tumbleweed, a Linux distribution.
The analysis showed that the VPN software “contains a privileged D-Bus service running as root and a Polkit policy”. Because of the faulty authentication check, the D-Bus call works for any user account, regardless of privileges.