CVE-2022-0517
published 2022-12-22CVE-2022-0517: Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | — | — |
| mozilla | mozilla_vpn | >= unspecified < 2.7.1 | 2.7.1 |
| mozilla | vpn | < 2.7.1 | 2.7.1 |