Dangerous Vulnerability Found in Mozilla VPN Client
The Linux version of the Mozilla VPN client “has been affected by a dangerous security issue within the software's authentication process” for the past few months, reports Alfonso Maruccia.
The flaw was discovered by SUSE developers, who found that the program contains a “privileged D-Bus service running as root and a Polkit policy.”
They disclosed the issue to Mozilla in May but failed to get a proper response, Maruccia says. “Mozilla has now assigned the issue a CVE-2023-4104 tracking code, while plans are already in motion to change the authentication process in the VPN client.”
Read more at TechSpot.
Related content
-
Tested – Tenable Nessus v6
To ensure your servers and workstations are well protected against attacks on your network, you need a professional security scanner. In version 6, Tenable has substantially expanded its Nessus vulnerability scanner. We pointed the software at a number of test computers. - Remote Code Execution Vulnerability Found in Cisco
- Vulnerabilities Discovered in IoT Software Suite
-
Vulnerability assessment best practices for enterprises
A vulnerability assessment is an important step toward protecting an organization's critical IT assets. - X.org Vulnerabilities Discovered
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
