Mozilla Foundation Security Advisory 2023-39

Security Issues fixed in Mozilla VPN for Linux v2.16.1

Announced
August 30, 2023
Impact
moderate
Products
Mozilla VPN client for Linux
Fixed in
  • Mozilla VPN client for Linux v2.16.1

#CVE-2023-4104: Local user authentication flaws in Mozilla VPN client for Linux in v2.16.0 and below.

Reporter
Matthias Gerstner
Impact
moderate
Description

An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups.
This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.

References