MozillaVPN: Elevation of Privilege via a Logic Vulnerability
Medium
M
Mozilla
Submitted None
Team Summary
Official summary from Mozilla
This vulnerability is a bypass for a previously fixed issue #2261577. The exploit uses symbolic links during the installation process on macOS that allows an unprivileged attacker to gain root privileges. The fix was released in Mozilla VPN version 2.24.
Actions:
Reported by
northsea
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Improper Link Resolution Before File Access ('Link Following')