CVE-2021-29978 Information

Description

Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. This vulnerability affects Mozilla VPN < 2.3.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/mozilla-mobile/mozilla-vpn-client/issues/803 https://github.com/mozilla-mobile/mozilla-vpn-client/pull/816 https://github.com/mozilla-mobile/mozilla-vpn-client/issues/805 https://github.com/mozilla-mobile/mozilla-vpn-client/issues/804 https://github.com/mozilla-mobile/mozilla-vpn-client/issues/806 https://github.com/mozilla-mobile/mozilla-vpn-client/issues/809 https://github.com/mozilla-mobile/mozilla-vpn-client/issues/808 https://github.com/mozilla-mobile/mozilla-vpn-client/issues/797 https://github.com/mozilla-mobile/mozilla-vpn-client/issues/799 https://github.com/mozilla-mobile/mozilla-vpn-client/issues/810 https://github.com/mozilla-mobile/mozilla-vpn-client/issues/798 https://github.com/mozilla-mobile/mozilla-vpn-client/issues/801 https://github.com/mozilla-mobile/mozilla-vpn-client/issues/812 https://github.com/mozilla-mobile/mozilla-vpn-client/issues/800 https://www.mozilla.org/security/advisories/mfsa2021-31/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8