Author Topic: Mozilla VPN client disaster (linux)  (Read 756 times)

0 Members and 1 Guest are viewing this topic.

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 7643
  • Country: de
  • A qualified hobbyist ;)
Mozilla VPN client disaster (linux)
« on: August 04, 2023, 02:55:16 pm »
Mozilla VPN: CVE-2023-4104: Privileged vpndaemon on Linux wrongly and incompletely implements Polkit authentication: https://www.openwall.com/lists/oss-security/2023/08/03/1

As you can see in the timeline, Mozilla handles this issue very professionally. >:D
« Last Edit: August 04, 2023, 02:56:49 pm by madires »
 

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 14043
  • Country: fr
Re: Mozilla VPN client disaster (linux)
« Reply #1 on: August 04, 2023, 09:28:06 pm »
Haven't they rewritten this in Rust already?
 

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 7643
  • Country: de
  • A qualified hobbyist ;)
Re: Mozilla VPN client disaster (linux)
« Reply #2 on: August 05, 2023, 10:14:47 am »
No idea!
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 5963
  • Country: fi
    • My home page and email address
Re: Mozilla VPN client disaster (linux)
« Reply #3 on: August 05, 2023, 01:22:38 pm »
Polkit itself should be burninated with extreme prejudice, being a critical security component developed by a small group of inept programmers, resulting in pretty damning CVE's at regular intervals, with at least two CVEs with known public exploits for local privilege escalation.  Maybe just rename it to Insecit...
 

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 14043
  • Country: fr
Re: Mozilla VPN client disaster (linux)
« Reply #4 on: August 06, 2023, 08:54:57 pm »
Yep.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf