The Mozilla Foundation has patched a high-risk local privilege escalation vulnerability in Mozilla VPN.
An attacker could exploit this vulnerability to take control of impacted systems.
As part of Mozilla Foundation Security Advisory 2022-08, Mozilla addressed a local privilege escalation via an uncontrolled OpenSSL search path (CVE-2022-0517).
“Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege,” Mozilla stated.
The issue has been fixed in Mozilla VPN 2.7.1.