Mozilla Foundation Security Advisory 2022-08

Mozilla VPN local privilege escalation via uncontrolled OpenSSL search path

Announced: February 23, 2022
Impact: high
Products: Mozilla VPN
Fixed in: Mozilla VPN 2.7.1

CVE-2022-0517: Local privilege escalation via uncontrolled OpenSSL search path

Reporter: DoHyun Lee (@l33d0hyun) of DNSLab, Korea University
Impact: high
Description

Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege.
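
A defensive check for the condition described above, as an added example that is not Mozilla's code: this PowerShell script reports ACL entries that let non-administrative principals write to an OpenSSL configuration directory, or to its nearest existing ancestor when the directory is missing. The path is a placeholder, since the advisory does not name the directory, and the list of trusted principals is an assumption.

```powershell
# Added example: audit an OpenSSL config directory for writability by unprivileged users.
param(
    # Placeholder path (assumption): the advisory does not name the directory.
    [string]$OpenSslDir = 'C:\PLACEHOLDER\openssl-dir'
)

# Principals allowed to control the path: SYSTEM, Administrators, TrustedInstaller.
$trustedSids = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Rights that let a principal plant or replace a file or subdirectory.
$risky = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# If the directory is missing, audit the nearest existing ancestor instead:
# whoever can create folders there can create the rest of the path.
$target = $OpenSslDir
while ($target -and -not (Test-Path -LiteralPath $target)) {
    $target = Split-Path -Path $target -Parent
}
if (-not $target) { throw "No existing ancestor found for '$OpenSslDir'" }

$sidType = [System.Security.Principal.SecurityIdentifier]
$findings = foreach ($ace in (Get-Acl -LiteralPath $target).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }   # Deny ACEs ignored: may over-report
    if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }  # not effective here
    try   { $sid = $ace.IdentityReference.Translate($sidType).Value }
    catch { $sid = $ace.IdentityReference.Value }          # unresolvable account: keep raw name
    if ($trustedSids -contains $sid) { continue }
    $hit = [int]$ace.FileSystemRights -band $risky
    if ($hit -ne 0) {
        [pscustomobject]@{
            Path     = $target
            Identity = $ace.IdentityReference.Value
            Rights   = [System.Security.AccessControl.FileSystemRights]$hit
        }
    }
}

if ($findings) {
    Write-Warning "Non-administrative principals can write under '$target'"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No risky write access found on '$target'"
}
```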

References