A security audit carried out by German cybersecurity outfit Cure 53 has found a number of vulnerabilities in the Mozilla VPN apps and clients. Carried out in August, the exercise brought up two medium vulnerabilities and one item of concern that was rated as high.
The latter, FVP-02-014, could have potentially exposed customers to cross-site WebSocket hijacking attempts but that issue was identified and fixed by Cure53 during the audit. As such, no customers were affected and the security risk no longer exists.
Mozilla VPN (opens in new tab) was launched last year by the foundation, best known for its Firefox (opens in new tab) web browser (opens in new tab), one which turns 20 next year. It has also expanded its portfolio with an identity theft protection (opens in new tab) tool, a content curation service and an email (opens in new tab) tool for privacy fans called Firefox relay.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
>> Click here to start the survey in a new window (opens in new tab) <<
- We've curated a list of the best business VPNs (opens in new tab) around today
- Here's the best endpoint protection software (opens in new tab) too
- And our leader board of the best password manager (opens in new tab)
When we reviewed it in 2020, Mozilla VPN was not able to match stalwarts like ExpressVPN (opens in new tab) or NordVPN (opens in new tab), as despite its low monthly price, it had too few features and access limited to five registered devices. Since we last tested it, Mozilla has grown its VPN to cover 30+ countries across five platforms, 28 languages and more than 400 servers.
Mozilla has also hinted at an upcoming refresh in the next couple of weeks with what it calls "new and exciting" security and customization features.
Audits as selling points
Audits come in different shapes. Mozilla's one focused on security while others look at data logging (and whether a VPN company sticks to its no-log promise). In a bid to differentiate themselves from rivals and rise above others in a very crowded market, a growing number of VPN providers have jumped on the audit bandwagon.
But doing an audit costs money and requires human resources that smaller outfits may not have at hand. In other words, audits may turn out to be a useful tool that to help separate between serious VPN providers and fly-by-night ones.
The full report can be read on Mozilla's website (opens in new tab).
- Best hybrid working tech (opens in new tab): Everything you need for the return to the office