Mozilla, the parent company of the hugely popular Firefox browser, has published the results of the independent security audit of their VPN service, and it has revealed a number of significant security concerns that were identified.
While the audit found much to praise Mozilla for in the security provisions on its VPN, the problems that were identified were significant, and the report concluded that Mozilla needs to devote more time and effort to protecting user privacy.
What is an Independent Audit?
Before we dig into the details of what problems the independent audit found, we should start off by explaining that an independent audit is when a VPN provider invites in an external company to stress-test its protection to ensure that all the security and privacy measures it has in place are working and to identify any vulnerabilities there may be in the system.
It is to Mozilla’s enormous credit that they have undertaken this audit and been so open and honest in publishing the results. The audit was undertaken by Cure 53, a German cybersecurity company with a strong track record of conducting VPN security audits for other providers such as ExpressVPN and NordVPN.
The audit is designed to pick up on issues, and that is exactly what it has done. Without the audit, these issues might have remained undetected for months or years. So, it is a testament to Mozilla that they have been identified and fixed thanks to this process.
What did the Mozilla VPN audit find?
The Cure 53 audit identified two vulnerabilities, which it identified as critical or high-risk issues. There were also a number of medium-level risks identified.
The type of issue that was identified was things like the keychain access level leaking to iCloud, a VPN leak via captive portal detection, and that rogue extension can disable the VPN.
Each and every one of these vulnerabilities did pose a risk to Mozilla VPN users. But they have now all been resolved or patched to the satisfaction of Cure 53, and there is no indication in anything that Mozilla has published that these vulnerabilities have been exploited by hackers or cyber criminals.
Should Mozilla VPN users be worried?
If you are a Mozilla VPN user and are worried about this news, our advice is not to be. It is a credit to Mozilla VPN that it has conducted this audit, identified vulnerabilities, and fixed them.
This news makes Mozilla VPN a far safer VPN than other providers who don’t undertake such audits, and so are likely to have vulnerabilities like these that have gone unnoticed and undetected.
The audit looked at the Mozilla VPN apps for Windows, MacOS, iOS, Android, and Linux, so no matter what type of device or operating system you are using, you can be confident that your Mozilla VPN connection is secure.
New Features for Mozilla VPN users
Alongside the results of the Mozilla VPN independent audit, they have also announced new features that they claim will streamline the Mozilla VPN user experience.
These new features include an extra layer of protection to help protect users from malware, spyware, and phishing attacks. These new threat protection tools are available under the Privacy Features tab in their menu and make Mozilla VPN the third VPN provider this week to add such features to their service after NordVPN and IPVanish.
They have also enhanced their server offering with a new feature that will recommend the highest performing server locations. This a service tailored to each individual user so results will be different based on your location and requirements.
Both of these new features are a strong addition to the Mozilla VPN offering. But it is the security transparency that we are most impressed with.