Every CVE whose affected-product data names Mozilla Vpn, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-0517 — CVSS 7.8 (high): Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage…
CVE-2025-5687 — CVSS 7.8 (high): A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on…
CVE-2020-15679 — CVSS 7.6 (high): An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN…
CVE-2023-4104 — CVSS 5.5 (medium): An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure…