PT-2023-4835 · Mozilla · Vpn
Matthias Gerstner · Published 2023-08-30 · Updated 2023-09-13 · CVE-2023-4104
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Mozilla VPN client for Linux versions prior to 2.16.1
Description
The issue stems from an invalid Polkit authentication check and missing authentication requirements for D-Bus methods, which allow any local user to configure arbitrary VPN setups. The bug affects only Mozilla VPN on Linux; other operating systems are unaffected.
Recommendations
Update the Mozilla VPN client for Linux to version 2.16.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the D-Bus methods until a patch is available.
Exploit
Fix
Missing Authorization
Improper Authentication
Affected Products
Vpn