Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP and could allow the ability to view session states and disconnect VPN sessions. This vulnerability affects Mozilla VPN iOS 1.0.7 < (929), Mozilla VPN Windows < 1.2.2, and Mozilla VPN Android 1.1.0 < (1360).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla VPN 授权问题漏洞
Vulnerability Description
Mozilla VPN是美国Mozilla基金会的开源虚拟专用网络Web浏览器扩展,桌面应用程序和移动应用程序。 Mozilla VPN iOS 1.0.7(929)之前版本、Mozilla VPN Windows 1.2.2之前版本和Mozilla VPN Android 1.1.0(1360)之前版本存在安全漏洞,该漏洞源于登录流程中存在OAuth会话固定漏洞,攻击者可以在其中制作自定义登录URL,诱使VPN用户通过该URL登录,并以该用户身份获得经过身份验证的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A