A security audit carried out by the German Cyberian Security Team Cure 53 has found a series of vulnerabilities in the VPN Mozilla Applications and customers. Carried out in August, exercise raised two vulnerabilities of medians and an element of concern that is classified as high.

The clients of the latter, FVP-02-014, could have potentially exposed to Cross-Site attempts of Kidnapping WebSocket but that issue was not identified and they were fixed by Cure53 during the audit. As such, there are no clients were affected and the security risk no longer exists.

Mozilla VPN was launched almost 20 years ago by the foundation, best known for its Firefox web browser. It has also expanded its portfolio with a protection tool against identity theft, a healing content service and an email tool for privacy fanatics called Firefox relay.

When reviewed by 2020, Mozilla VPN was not able to equal unconditional as ExpressvPN or NordvPn, and despite its low monthly price, it had very few features and limited access to five registered devices. Since last time we tried, Mozilla has increased its VPN to cover more than 30 countries of the five platforms, 28 languages ​​and more than 400 servers.

Mozilla has also insinuated in a next update in the next couple of weeks with what it calls “new and exciting” security features and personalization.

Audits as points of sale

Audits come in different ways. One of Mozilla focused on security, while others see in the data record (and if a VPN company sticks to its non-log promise). In an attempt to differentiate from the rivals and rise above the others in a very busy market, a growing number of VPN providers have risen to the audit car.

But making an audit costs money and requires human resources that smaller teams may not have at hand. In other words, audits can become a useful tool that helps separate between bass VPN providers and dear fly-by-night.