Author Topic: Mozilla VPN client disaster (linux) (Read 831 times)

madires · « **on:** August 04, 2023, 02:55:16 pm »

Mozilla VPN: CVE-2023-4104: Privileged vpndaemon on Linux wrongly and incompletely implements Polkit authentication: https://www.openwall.com/lists/oss-security/2023/08/03/1

As you can see in the timeline, Mozilla handles this issue very professionally.

SiliconWizard · « **Reply #1 on:** August 04, 2023, 09:28:06 pm »

Haven't they rewritten this in Rust already?

madires · « **Reply #2 on:** August 05, 2023, 10:14:47 am »

No idea!

Nominal Animal · « **Reply #3 on:** August 05, 2023, 01:22:38 pm »

Polkit itself should be burninated with extreme prejudice, being a critical security component developed by a small group of inept programmers, resulting in pretty damning CVE's at regular intervals, with at least two CVEs with known public exploits for local privilege escalation. Maybe just rename it to Insecit...

SiliconWizard · « **Reply #4 on:** August 06, 2023, 08:54:57 pm »


EEVblog Main Site	EEVblog on Youtube	EEVblog on Twitter	EEVblog on Facebook	EEVblog on Odysee

EEVblog Electronics Community Forum

Author Topic: Mozilla VPN client disaster (linux) (Read 831 times)

madires

Mozilla VPN client disaster (linux)

SiliconWizard

Re: Mozilla VPN client disaster (linux)

madires

Re: Mozilla VPN client disaster (linux)

Nominal Animal

Re: Mozilla VPN client disaster (linux)

SiliconWizard

Re: Mozilla VPN client disaster (linux)

Share me