Mozilla Audit Finds Vulnerabilities in VPN

The audit was requested by the company itself, and the issues have since been resolved with no users affected.

A security audit carried out by a cybersecurity firm on behalf of Mozilla found vulnerabilities in the brand’s VPN.

The good news is that these were caught early and fixed, and no longer pose any threat to users of Mozilla’s VPN.

The work was carried out earlier in the year, and has recently been made public by the company, as a show of transparency.

The Mozilla VPN Audit

The audit was carried out by Cure53, a Berlin-based cybersecurity firm with 15 years' experience, at the request of Mozilla itself. It's not unusual for companies to pay other firms to stress test their platforms – in fact, any company that does this clearly takes its security seriously. Some even offer so-called 'white hat hackers' a bounty for finding flaws and reporting them to be fixed.

Mozilla periodically works with third-party organizations to complement our internal security programs and help improve the overall security of our products. – Mozilla blog post

The original audit was carried out in July this year, with Mozilla now publicizing these findings, having since fixed the issues raised.

Mozilla, perhaps best known for its Firefox web browser, launched Mozilla VPN last year. It’s a paid-for VPN similar to others such as Nord VPN and IPVanish, and is available on several platforms including Windows, Mac, iOS, Android and Linux.

What Vulnerabilities Were Found?

According to Mozilla, the audit uncovered what it has called three “medium to high severity” issues:

  • Cross-site WebSocket hijacking (High)
  • VPN leak via captive portal detection (Medium)
  • Auth code could be leaked by injecting port (Medium)

The highest-rated issue was that, when in debug mode, the Mozilla VPN client could theoretically fall foul of a malicious website hosted by an attacker on their own domain, which could gain two-way communication with the VPN. However, Mozilla itself states that while this issue was rated as high severity, the affected feature was only used in pre-release test builds, and as such, no customers were affected.
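Cross-site WebSocket hijacking, the class of bug named in the first finding, is possible because browsers let any page open a WebSocket to another origin; the server has to check the `Origin` header during the handshake. The sketch below is an added example, not Mozilla's or Cure53's code: the allowed origin, host, port and path are constructed placeholders, and rejecting requests with no `Origin` is a policy assumption.

```python
import base64
import hashlib
from urllib.parse import urlsplit

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed value from RFC 6455
# Assumption: the single page allowed to open the socket (hypothetical origin).
ALLOWED_ORIGINS = {("https", "inspector.example", 443)}

def parse_headers(raw: str) -> dict:
    """Parse an HTTP upgrade request into a dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.split("\r\n")[1:]:  # skip the request line
        if not line:
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def origin_allowed(origin) -> bool:
    """Exact scheme/host/port match; substring or prefix tests are not enough."""
    if not origin or origin == "null":
        return False
    try:
        parts = urlsplit(origin)
        port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    except ValueError:  # malformed host or port
        return False
    return (parts.scheme, (parts.hostname or "").lower(), port) in ALLOWED_ORIGINS

def handshake(raw: str) -> str:
    """Return the server's reply: 101 only for an allowed Origin, otherwise 403."""
    h = parse_headers(raw)
    key = h.get("sec-websocket-key")
    if h.get("upgrade", "").lower() != "websocket" or not key:
        return "HTTP/1.1 400 Bad Request\r\n\r\n"
    if not origin_allowed(h.get("origin")):
        return "HTTP/1.1 403 Forbidden\r\n\r\n"
    accept = base64.b64encode(hashlib.sha1((key + WS_GUID).encode()).digest()).decode()
    return ("HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
            f"Connection: Upgrade\r\nSec-WebSocket-Accept: {accept}\r\n\r\n")

def request(origin):
    """Constructed sample upgrade request, shaped like the one a browser sends."""
    lines = ["GET /debug HTTP/1.1", "Host: 127.0.0.1:8765", "Upgrade: websocket",
             "Connection: Upgrade", "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==",
             "Sec-WebSocket-Version: 13"]
    if origin is not None:
        lines.append(f"Origin: {origin}")
    return "\r\n".join(lines) + "\r\n\r\n"
```

A lookalike origin such as `https://inspector.example.attacker.test` is refused here, which a prefix or substring comparison would have let through.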

It’s important to stress that these issues have since been resolved by Mozilla, and present no danger to its users.

As well as news of the audit, Mozilla also informed its users in the same blog post that it had been continuing to work on new features and security measures for its VPN, and that these would be available soon.

Should I Use a VPN?

A VPN has become an invaluable tool for many of us over the past 18 months. VPNs had been slowly gaining momentum anyway among legitimate users, but the pandemic accelerated this considerably. Most businesses will now use VPNs to protect their data, as they deal with a remote or hybrid workforce and are exposed to employees' personal internet connections.

A VPN can also remove concerns about day-to-day activities, such as a member of staff using a public Wi-Fi point, by anonymizing the data and making it nigh on impossible for attackers to track or intercept.

At Tech.co we are strong advocates for VPNs, but more so, paid-for VPNs, which start from a few bucks a month, and offer a whole, uncompromised, VPN package, unlike free versions which limit use, and may record or sell your data.

We have recommendations for both business VPNs and personal VPNs.

Written by:
Jack is the Deputy Editor for Tech.co. He has over 15 years experience in publishing, having covered both consumer and business technology extensively, including both in print and online. Jack has also led on investigations on topical tech issues, from privacy to price gouging. He has a strong background in research-based content, working with organisations globally, and has also been a member of government advisory committees on tech matters.