Security audit finds major issue in Mozilla VPN

News
By published

Mozilla VPN apps and clients both affected

Mozilla VPN on a Smartphone
(Image credit: Mozilla)

A security audit carried out by German cybersecurity outfit Cure 53 has found a number of vulnerabilities in the Mozilla VPN apps and clients. Carried out in August, the exercise brought up two medium vulnerabilities and one item of concern that was rated as high.

The latter, FVP-02-014, could have potentially exposed customers to cross-site WebSocket hijacking attempts but that issue was identified and fixed by Cure53 during the audit. As such, no customers were affected and the security risk no longer exists.

Mozilla VPN was launched last year by the foundation, best known for its Firefox web browser, one which turns 20 next year. It has also expanded its portfolio with an identity theft protection tool, a content curation service and an email tool for privacy fans called Firefox relay.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

When we reviewed it in 2020, Mozilla VPN was not able to match stalwarts like ExpressVPN or NordVPN, as despite its low monthly price, it had too few features and access limited to five registered devices. Since we last tested it, Mozilla has grown its VPN to cover 30+ countries across five platforms, 28 languages and more than 400 servers.

Mozilla has also hinted at an upcoming refresh in the next couple of weeks with what it calls "new and exciting" security and customization features.

Audits as selling points

Audits come in different shapes. Mozilla's one focused on security while others look at data logging (and whether a VPN company sticks to its no-log promise). In a bid to differentiate themselves from rivals and rise above others in a very crowded market, a growing number of VPN providers have jumped on the audit bandwagon.

But doing an audit costs money and requires human resources that smaller outfits may not have at hand. In other words, audits may turn out to be a useful tool that to help separate between serious VPN providers and fly-by-night ones.

The full report can be read on Mozilla's website.

Desire Athow
Desire Athow
Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.

Read more
NordVPN running on a desktop, mobile devices, Apple TV, a router and a game console
NordVPN reacts to results from its latest security audit
A repeating pattern of pink magnifying glasses on a light blue background
Why do VPN audits matter?
A VPN running on a mobile device
A new era for VPN testing? ATMSO publishes the first-ever testing standards in an "important milestone"
A VPN runs on a mobile phone placed on a laptop keyboard
Major new online tunneling vulnerability could put millions of devices at risk
best Secure VPN
Secure VPN providers 2025: safe options for the best security and encryption
malware
Google warns of legit VPN apps being used to infect devices with malware
Latest in VPN Privacy & Security
Swiss flag with view of Geneva city, Switzerland
Secure encryption and online anonymity are now at risk in Switzerland – here's what you need to know
Demonstrators protesting against the arrest of the Mayor of Istanbul Ekrem Imamoglu block Atatürk Boulevard on March 22, 2025 in Ankara, Türkiye.
Turkey's social media ban has been lifted, but VPN usage is still high
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
Digital hand set location on map with two pins. AI technology in GPs, innovation delivery, map location, future transport logistic, route path concept. GPs point. New office location, change address
What does your IP address reveal about you?
A stethoscope next to a laptop on a pink background
How to check if your VPN is working
Teenager playing on a gaming PC with two monitors
Is using a VPN while gaming cheating? 5 myths you shouldn't believe about gaming with a VPN
Latest in News
Google Pixel Watch 3 side dial and button
Google Gemini reportedly spotted on Wear OS – could a rollout be close at hand?
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Toni Collette in Hereditary
Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
More about vpn privacy security
Swiss flag with view of Geneva city, Switzerland

Secure encryption and online anonymity are now at risk in Switzerland – here's what you need to know
NordVPN CTO Marijus Briedis speaking at a panel during RightsCon 2025 in Taipei, Taiwan, on February 25.

Cyber threats are evolving everywhere – and "prevention alone is insufficient," says NordVPN CTO
Google Pixel Watch 3 side dial and button

Google Gemini reportedly spotted on Wear OS – could a rollout be close at hand?
See more latest
Most Popular
Google Pixel Watch 3 side dial and button
Google Gemini reportedly spotted on Wear OS – could a rollout be close at hand?
XGIMI Portable Outdoor Screen
This cheap new outdoor projector screen looks like a smart companion for portable projectors – get 70 inches of entertainment anywhere
Toni Collette in Hereditary
Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes
Close up of Leica M11-P viewfinder
I wince at the prospect of the rumored Leica M11-V – here's why
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
HP ZBook Ultra G1a
HP's ridiculously fast Ryzen AI Max+ Pro 395 laptop with 128GB RAM goes on sale everywhere in the US, but it won't be cheap
A mobile phone showing the Signal logo in front of a screen showing the app
Signalgate explained: what is Signal, and how secure is the messaging app?
Asus Ascent GX10 Rear
Asus's more affordable version of Nvidia's uber-popular Project Digits snapped at GTC 2025
iPhone 13 mini
The iPhone mini won't be returning, according to rumors – and you think that's a mistake
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise