Mozilla Audit Finds Vulnerabilities in VPN

The audit was requested by the company itself, and the issues have since been resolved with no users affected.

A security audit carried out by a cybersecurity firm on behalf of Mozilla found vulnerabilities in the brand's VPN.

The good news is that these were caught early and fixed, and no longer pose any threat to users of Mozilla's VPN.

The work was carried out earlier in the year, and has recently been made public by the company, as a show of transparency.

The Mozilla VPN Audit

The audit was carried out by Cure53, a Berlin-based cybersecurity firm with 15 years' experience, at the request of Mozilla itself. It's not unusual for companies to pay other firms to stress test their platforms – in fact, any company that does this clearly takes its security seriously. Some even offer so-called "white hat hackers" a bounty for finding flaws and reporting them to be fixed.

Mozilla periodically works with third-party organizations to complement our internal security programs and help improve the overall security of our products. – Mozilla blog post

The original audit was carried out in July this year, with Mozilla now publicizing these findings, having since fixed the issues raised.

Mozilla, perhaps best known for its Firefox web browser, launched Mozilla VPN last year. It's a paid-for VPN similar to others such as NordVPN and IPVanish, and is available on several platforms including Windows, Mac, iOS, Android and Linux.

What Vulnerabilities Were Found?

According to Mozilla, the audit uncovered what it has called three “medium to high severity” issues:

  • Cross-site WebSocket hijacking (High)
  • VPN leak via captive portal detection (Medium)
  • Auth code could be leaked by injecting port (Medium)

The highest-rated issue found was that, when in debug mode, the Mozilla VPN client could, theoretically, fall foul of a malicious website created by an attacker on their own domain, which could gain two-way communication with the VPN. However, Mozilla itself states that while this issue was marked as having a severity of high, it only affected pre-release test builds, and as such, no customers were affected.
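
The usual server-side defence against cross-site WebSocket hijacking is to validate the handshake's Origin header against an exact allowlist before accepting the connection. The sketch below is an added example, not code from Mozilla or Cure53; the allowlist entry, the function names and the sample handshakes are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Assumption: the only web origin allowed to open the local debug socket.
ALLOWED_ORIGINS = {("http", "localhost", 8080)}


def parse_origin(value):
    """Parse an Origin header into (scheme, host, port); None if unusable."""
    if not value or value == "null":  # absent, or an opaque origin
        return None
    try:
        parts = urlsplit(value)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # A serialized origin carries no userinfo, path, query or fragment.
    if parts.username is not None or parts.path or parts.query or parts.fragment:
        return None
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname, port)


def _origin(headers):
    # HTTP header names are case-insensitive.
    return {k.lower(): v for k, v in headers.items()}.get("origin")


def weak_check(headers):
    """Substring match: looks plausible, but any hostname containing it passes."""
    return "localhost" in (_origin(headers) or "")


def accept_handshake(headers):
    """Exact match on the parsed origin; a missing Origin is refused
    (assumption: only browser pages are expected to connect)."""
    return parse_origin(_origin(headers)) in ALLOWED_ORIGINS


# Constructed sample handshakes (not taken from the audit report).
SAMPLES = [
    {"Origin": "http://localhost:8080"},
    {"Origin": "https://attacker.example"},
    {"origin": "http://localhost.attacker.example:8080"},
    {},
]
RESULTS = [(weak_check(h), accept_handshake(h)) for h in SAMPLES]
```

Each pair in `RESULTS` is (weak check, exact check); the third sample is the case where the two disagree.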

It's important to stress that these issues have since been resolved by Mozilla, and present no danger to its users.

As well as news of the audit, Mozilla also informed its users in the same blog post that it had been continuing to work on new features and security measures for its VPN, and that these would be available soon.

Should I Use a VPN?

A VPN has become an invaluable tool for many of us over the past 18 months. VPNs had been slowly gaining momentum anyway among legitimate users, but the pandemic accelerated this considerably. Most businesses now use VPNs to protect their data, as they deal with a remote or hybrid workforce and are exposed to employees' personal internet connections.

A VPN can also remove concerns about day-to-day activities, such as a member of staff using a public Wi-Fi point, by anonymizing the data and making it nigh on impossible for attackers to track or intercept.

At Tech.co we are strong advocates for VPNs, but more so, paid-for VPNs, which start from a few bucks a month, and offer a whole, uncompromised, VPN package, unlike free versions which limit use, and may record or sell your data.

We have recommendations for both business VPNs and personal VPNs.


Written by:

Jack is the Deputy Editor for Tech.co. He has over 15 years' experience in publishing, having covered both consumer and business technology extensively, both in print and online. Jack has also led investigations into topical tech issues, from privacy to price gouging. He has a strong background in research-based content, working with organisations globally, and has also been a member of government advisory committees on tech matters.
