Mozilla Puts Its VPN To The Test, Discovers A High-level Security Threat After An Independent Audit

Recently, browsing leader Mozilla shared the result of an independent security audit on its VPN service. Upon inspection, a few vulnerabilities were discovered in the VPN, one of which was reportedly a major risk.

In August, the experts, who conducted the audit, scanned Mozilla VPN for weaknesses and successfully found three. Among these, two were of “medium severity,” while one was of “high severity.” These security flaws came up after running checks on multiple versions of the VPN, namely, Windows, macOS, Android, iOS, and Linux ports.

In a blog post, Mozilla shared that Cure53, a Berlin-based cybersecurity firm, had identified and fixed the security vulnerabilities in its VPN. As per Mozilla, Cure53 has over 15 years of experience testing software and carrying out audits.

The most severe issue, labeled “FVP-02-014,” made the user vulnerable to cross-site WebSocket hijacking. Moreover, the medium-risk vulnerabilities revolved around “VPN leak via captive portal detection” and “Auth code leak” by injecting the port.

However, these sophisticated terms shouldn’t worry you anymore as Cure53 has already addressed these weaknesses. There has also been no mention of any Mozilla VPN users falling victim to these either.

The Firefox developer’s public post that outlines the security flaws detected by the German firm provides users an insight into the potential risks of using a VPN. Moreover, these audits also help Mozilla iron out any issues that its one-year-old VPN service might have.

As of now, Mozilla VPN is only available in select countries. These include the US, Canada, the UK, Germany, France, Italy, Spain, Belgium, Austria, Switzerland, Malaysia, New Zealand, and Singapore. Those who want to be notified whenever it is released in their country can fill out this form.

Finally, if you’re looking for the best VPNs out there, check out this article.