Mozilla VPN local privilege escalation vis uncontrolled OpenSSL search path
- February 23, 2022
- Mozilla VPN
- Fixed in
- Mozilla VPN 2.7.1
- DoHyun Lee (@l33d0hyun) of DNSLab, Korea University
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege.