The Booty Report

News and Updates for Swashbucklers Everywhere

Arrr! Thar be troubles wit' Mozilla VPN, says th' security audit! Time t' fix th' ship, mateys!

2023-12-08

Arrr! Ye be informed, me hearties! The VPN scallywag be claimin' to have fixed all the weak spots, includin' two of the nasty kind. Gather 'round, me mateys, I'll spill the beans!

The cybersecurity firm Cure53 recently discovered seven security vulnerabilities in Mozilla VPN apps during a security audit. Two of these vulnerabilities were classified as critical or high priority. Mozilla has since addressed these risks, ensuring the security of its VPN service.
Independent audits have become common practice among VPN companies that prioritize transparency and security. This is the third time Mozilla has enlisted Cure53's help for such an audit. The audit coincided with the launch of new features, including a malware-blocking system.
The Cure53 team conducted penetration testing and inspections on various Mozilla applications over a 21-day period. While the code structure was deemed sound, some VPN features were found to potentially expose user data.
The most critical vulnerability affected the Mozilla VPN iOS app, which leaked the WireGuard configuration to iCloud via device backups. Mozilla has addressed this risk by adding an extra layer of encryption. Another high-priority flaw allowed a malicious add-on to interact with the VPN and potentially disable the connection without the user's knowledge. This issue has also been resolved.
Mozilla has addressed all the medium and low vulnerabilities identified by Cure53, in addition to those found in a previous audit. Cure53 praised features like split-tunneling and multi-hop connections, which rely on established technology.
Prior to launching new features, such as malware-blocking software and performance improvements, Mozilla called on Cure53 for another audit. The provider has also expanded its server network across several European countries.
