CVE Published: 22/12/2022 |
CVE Updated: 02/08/2024 |
CVE Year: 2022 Source: mozilla |
Vendor: Mozilla |
Product: Mozilla VPN Status : PUBLISHED
CVE-2022-0517 Description
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1.