Security Weaknesses in Mozilla VPN Found and Addressed by Audit (fossbytes.com)
"Recently, browsing leader Mozilla shared the result of an independent security audit on its VPN service," reports Fossbytes.
"Upon inspection, a few vulnerabilities were discovered in the VPN, one of which was reportedly a major risk." In a blog post, Mozilla shared that Cure53, a Berlin-based cybersecurity firm, had identified and fixed the security vulnerabilities in its VPN... The most severe issue, labeled "FVP-02-014," made the user vulnerable to cross-site WebSocket hijacking. Moreover, the medium-risk vulnerabilities revolved around "VPN leak via captive portal detection" and "Auth code leak" by injecting the port. However, these sophisticated terms shouldn't worry you anymore as Cure53 has already addressed these weaknesses. There has also been no mention of any Mozilla VPN users falling victim to these either.
The Firefox developer's public post that outlines the security flaws detected by the German firm provides users an insight into the potential risks of using a VPN. Moreover, these audits also help Mozilla iron out any issues that its one-year-old VPN service might have.
Re: (Score:2)
Too many websites rely on your IP for location and it would be a fucking nightmare if they all thought I was elsewhere.
That's nice. Thank you for sharing your experience.
Leader? (Score:4, Funny)
"Recently, browsing leader Mozilla . . .
Browsing leader?
https://gs.statcounter.com/browser-market-share
Re: (Score:2)
Stop poking holes in the advertisement. There are people whose livelihoods are at risk because of your inconsiderate actions!
Also, math is sexist.
Re: (Score:2)
I think that's how they self-identify, so it's probably not polite to call them out on that.
Some eyeballs found it (Score:4, Insightful)
The weakness was found because the source is available; it is a validation of Linus's law - given enough eyeballs, all bugs are shallow [wikipedia.org]
Re: (Score:2)
The ophthalmology industry should be the most secure then.
Re: (Score:2)
Not to mention the funeral industry...
But, but, but, Rust! (Score:1)
Rust makes security issues a thing of the past. Just search for CVE on Rust, you won't find any because Rust is Just That Good!
Don't trust your personal data to Mozilla (Score:2)
They can't even handle different opinions maturely. Remember how they created a hostile working environment for the creator of JavaScript over a personal donation *half a decade* ago? https://eu.usatoday.com/story/... [usatoday.com]
Signing a letter against Richard M. Stallman https://rms-open-letter.github... [github.io]
Literally calling for more deplatforming: https://blog.mozilla.org/en/mo... [mozilla.org] ('We need more than deplatforming').
Why would you trust a company like that to respect your privacy?