Mozilla recently shared the results of an independent security audit on its Mozilla VPN service. The independent audit report suggests the high level security threats in the VPN which can prove to be a major risk.
The security experts in August discovered three flaws in Mozilla VPN. Two of the flaws were of medium severity while the other was of high severity. The flaws were discovered after running the VPN service on various devices such as Windows, macOS, Android, iOS, and Linux ports.
Mozilla in a blog post mentioned that Cure53, a Berlin-based cybersecurity firm discovered and fixed the security vulnerabilities in its VPN. Cure53 has been testing software and carrying out audits for the last 15 years.
Mozilla VPN comes with the FVP-02-014 flaw which makes the users vulnerable to cross-site WebSocket hijacking. The other two medium-risk vulnerabilities include “VPN leak via captive portal detection” and “Auth code leak” by injecting the port.
Though these vulnerabilities are now addressed by Cure53 and users need not worry about them anymore. Also, Mozilla has not made any reference to Mozilla VPN users falling victim to these.
Users will get an insight into the potential risk of using a VPN via the Firefox developer’s public post which outlines the security flaws detected by the German firm. The security audit will also help Mozilla to fix any further issues with its newly launched VPN service.
Currently, Mozilla VPN is available for users in select countries such as the US, Canada, the UK, Germany, France, Italy, Spain, Belgium, Austria, Switzerland, Malaysia, New Zealand, and Singapore.
If you want to get notified when it will be released in your country you can fill out this form.