Mozilla Vpn vulnerabilities

CVE-2022-0517 [HIGH] CWE-434 CVE-2022-0517: Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker w Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1.

CVE-2021-29978 [CRITICAL] CVE-2021-29978: Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. This vulnerability affects Mozilla VPN < 2.3.