Multiple Low Security Issues in Mozilla VPN by Mozilla
CVE-2021-29978

9.8CRITICAL

Key Information:

Vendor
Mozilla
Status
Mozilla Vpn
Vendor
CVE Published:
5 August 2021

Summary

Mozilla VPN versions prior to 2.3 have been identified with several low security issues as a result of a comprehensive security audit. These vulnerabilities may compromise user security and should be addressed promptly. Users are advised to upgrade to the latest version to ensure the integrity of their VPN service.

Affected Version(s)

Mozilla VPN < 2.3

References

https://www.mozilla.org/security/advisories/mfsa2021-31/
x_refsource_MISC
https://github.com/mozilla-mobile/mozilla-vpn-client/issu...
x_refsource_MISC
https://github.com/mozilla-mobile/mozilla-vpn-client/issu...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.