Dangerous Vulnerability Found in Mozilla VPN Client
The Linux version of the Mozilla VPN client “has been affected by a dangerous security issue within the software's authentication process” for the past few months, reports Alfonso Maruccia.
The flaw was discovered by SUSE developers, who found that the program contains a “privileged D-Bus service running as root and a Polkit policy.”
They disclosed the issue to Mozilla in May but failed to get a proper response, Maruccia says. “Mozilla has now assigned the issue a CVE-2023-4104 tracking code, while plans are already in motion to change the authentication process in the VPN client.”
Read more at TechSpot.
08/09/2023