Dangerous Vulnerability Found in Mozilla VPN Client
The Linux version of the Mozilla VPN client “has been affected by a dangerous security issue within the software's authentication process” for the past few months, reports Alfonso Maruccia.
The flaw was discovered by SUSE developers, who found that the program contains a “privileged D-Bus service running as root and a Polkit policy.”
They disclosed the issue to Mozilla in May but failed to get a proper response, Maruccia says. “Mozilla has now assigned the issue a CVE-2023-4104 tracking code, while plans are already in motion to change the authentication process in the VPN client.”
Read more at TechSpot.
08/09/2023
Related content
-
Tested – Tenable Nessus v6
To ensure your servers and workstations are well protected against attacks on your network, you need a professional security scanner. In version 6, Tenable has substantially expanded its Nessus vulnerability scanner. We pointed the software at a number of test computers. - Remote Code Execution Vulnerability Found in Cisco
- Vulnerabilities Discovered in IoT Software Suite
-
Vulnerability assessment best practices for enterprises
A vulnerability assessment is an important step toward protecting an organization's critical IT assets. - X.org Vulnerabilities Discovered