Privilege Escalation vulnerability in Mozilla VPN

Original Issue Date: February 28, 2022

Severity Rating: HIGH

Software Affected

Mozilla VPN versions prior to 2.7.1

Overview

A privilege escalation vulnerability has been reported in Mozilla VPN which could allow an attacker with limited privileges to execute arbitrary code on the targeted system.

Description

This vulnerability exists in Mozilla VPN because it loads an OpenSSL configuration file from an unsecured directory. An attacker with limited privileges could exploit this vulnerability by using a specially crafted OpenSSL configuration.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with SYSTEM privileges.
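
The root cause described above is a directory-permissions problem, so one defensive check is to list which non-administrative principals can write to the directory a privileged process reads its OpenSSL configuration from. The PowerShell below is an added example, not code from this advisory or from Mozilla; the function name `Get-UnsafeWriteAce` and the sample path are hypothetical placeholders, since the advisory does not name the directory.

```powershell
# Added example. The function name and the sample path are hypothetical.
function Get-UnsafeWriteAce {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    # A directory that does not exist yet is only as safe as its nearest existing
    # ancestor: whoever may create folders there can create the rest of the path.
    $target = $Path
    while ($target -and -not (Test-Path -LiteralPath $target)) {
        $target = Split-Path -Path $target -Parent
    }
    if (-not $target) { throw "No existing ancestor of '$Path' was found." }

    # Principals that are expected to hold write access.
    $trusted = @(
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',  # BUILTIN\Administrators
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller
    )

    # Rights that let a principal add or replace files, or re-permission the folder.
    # The two hex values are GENERIC_WRITE and GENERIC_ALL.
    $fsr  = [System.Security.AccessControl.FileSystemRights]
    $mask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
                  $fsr::DeleteSubdirectoriesAndFiles -bor $fsr::ChangePermissions -bor
                  $fsr::TakeOwnership) -bor 0x40000000 -bor 0x10000000

    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType     = [System.Security.Principal.SecurityIdentifier]
    $acl         = Get-Acl -LiteralPath $target

    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to children, not to this directory itself.
        if ($rule.PropagationFlags.HasFlag($inheritOnly)) { continue }
        if ($trusted -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $mask) -eq 0) { continue }

        [pscustomobject]@{
            RequestedPath = $Path
            CheckedPath   = $target
            Sid           = $rule.IdentityReference.Value
            Rights        = $rule.FileSystemRights
        }
    }
}

# Placeholder path: substitute the OpenSSL directory used by the installed build.
Get-UnsafeWriteAce -Path 'C:\path\to\openssl-dir'
```

An empty result means that only SYSTEM, Administrators and TrustedInstaller hold write access on the checked path; any row returned names a principal that could place a file there.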

Solution

Upgrade to Mozilla VPN 2.7.1
