Security audit finds major issue in Mozilla VPN

Mozilla VPN apps and clients both affected

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A security audit carried out by German cybersecurity outfit Cure 53 has found a number of vulnerabilities in the MozillaVPNapps and clients. Carried out in August, the exercise brought up two medium vulnerabilities and one item of concern that was rated as high.

The latter, FVP-02-014, could have potentially exposed customers to cross-site WebSocket hijacking attempts but that issue was identified and fixed by Cure53 during the audit. As such, no customers were affected and the security risk no longer exists.

Mozilla VPNwas launched last year by the foundation, best known for itsFirefoxwebbrowser, one which turns 20 next year. It has also expanded its portfolio with anidentity theft protectiontool, a content curation service and anemailtool for privacy fans called Firefox relay.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

When we reviewed it in 2020, Mozilla VPN was not able to match stalwarts likeExpressVPNorNordVPN, as despite its low monthly price, it had too few features and access limited to five registered devices. Since we last tested it, Mozilla has grown its VPN to cover 30+ countries across five platforms, 28 languages and more than 400 servers.

Mozilla has also hinted at an upcoming refresh in the next couple of weeks with what it calls “new and exciting” security and customization features.

Audits as selling points

Audits come in different shapes. Mozilla’s one focused on security while others look at data logging (and whether a VPN company sticks to its no-log promise). In a bid to differentiate themselves from rivals and rise above others in a very crowded market, a growing number of VPN providers have jumped on the audit bandwagon.

But doing an audit costs money and requires human resources that smaller outfits may not have at hand. In other words, audits may turn out to be a useful tool that to help separate between serious VPN providers and fly-by-night ones.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The full report can be readon Mozilla’s website.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled inwebsite buildersandweb hostingwhen DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.

Should your VPN always be on?

3 reasons why PIA fell in our best VPN rankings

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well