Mozilla Audit Finds Vulnerabilities in VPN

The audit was requested by the company itself, and the issues have since been resolved with no users affected.
Jack Turner

A security audit carried out by a cybersecurity firm on behalf of Mozilla found vulnerabilities in the brand's VPN.

The good news is that these were caught early and fixed, and no longer pose any threat to users of Mozilla's VPN.

The work was carried out earlier in the year, and has recently been made public by the company, as a show of transparency.

The Mozilla VPN Audit

The audit was carried out by Cure53, a Berlin-based cybersecurity firm with 15 years' experience, at the request of Mozilla itself. It's not unusual for companies to pay other firms to stress test their platforms – in fact, any company that does this clearly takes its security seriously. Some even offer so-called 'white hat hackers' a bounty for finding flaws and reporting them to be fixed.

Mozilla periodically works with third-party organizations to complement our internal security programs and help improve the overall security of our products. – Mozilla blog post

The original audit was carried out in July this year, with Mozilla now publicizing these findings, having since fixed the issues raised.

Mozilla, perhaps best known for its Firefox web browser, launched Mozilla VPN last year. It's a paid-for VPN similar to others such as NordVPN and IPVanish, and is available on several platforms including Windows, Mac, iOS, Android and Linux.

What Vulnerabilities Were Found?

According to Mozilla, the audit uncovered what it has called three “medium to high severity” issues:

  • Cross-site WebSocket hijacking (High)
  • VPN leak via captive portal detection (Medium)
  • Auth code could be leaked by injecting port (Medium)

The highest-rated issue was that, when in debug mode, the Mozilla VPN client could theoretically fall foul of a malicious website created by an attacker on their own domain, which could gain two-way communication with the VPN. However, Mozilla itself states that while this issue was marked as high severity, it was only present in pre-release test builds, and as such, no customers were affected.

It's important to stress that these issues have since been resolved by Mozilla, and present no danger to its users.

As well as news of the audit, Mozilla also informed its users in the same blog post that it had been continuing to work on new features and security measures for its VPN, and that these would be available soon.

Should I Use a VPN?

A VPN has become an invaluable tool for many of us over the past 18 months. VPNs had been slowly gaining momentum anyway among legitimate users, but the pandemic accelerated this considerably. Most businesses now use VPNs to protect their data, as they deal with a remote or hybrid workforce and are exposed to employees' personal internet connections.

A VPN can also remove concerns about day-to-day activities, such as a member of staff using a public Wi-Fi point, by anonymizing the data and making it nigh on impossible for attackers to track or intercept.

At Tech.co we are strong advocates for VPNs, but more so, paid-for VPNs, which start from a few bucks a month, and offer a whole, uncompromised, VPN package, unlike free versions which limit use, and may record or sell your data.

We have recommendations for both business VPNs and personal VPNs.



Jack is the Content Manager for Tech.co. He has been writing about a broad variety of technology subjects for over a decade, both in print and online, including laptops and tablets, gaming, and tech scams. As well as years of experience reviewing the latest tech devices, Jack has also conducted investigative research into a number of tech-related issues, including privacy and fraud.
