Products > Security

Mozilla VPN client disaster (linux)

(1/1)

madires:
Mozilla VPN: CVE-2023-4104: Privileged vpndaemon on Linux wrongly and incompletely implements Polkit authentication: https://www.openwall.com/lists/oss-security/2023/08/03/1

As you can see in the timeline, Mozilla handles this issue very professionally. >:D

SiliconWizard:
Haven't they rewritten this in Rust already?

madires:
No idea!

Nominal Animal:
Polkit itself should be burninated with extreme prejudice, being a critical security component developed by a small group of inept programmers, resulting in pretty damning CVE's at regular intervals, with at least two CVEs with known public exploits for local privilege escalation.  Maybe just rename it to Insecit...

SiliconWizard:
Yep.

Navigation

[0] Message Index

There was an error while thanking
Thanking...
Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod