{"id":"CVE-2022-0517","details":"Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN \u003c 2.7.1.","modified":"2026-04-10T04:42:17.762881Z","published":"2022-12-22T20:15:12.540Z","references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2022-08/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1752291"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mozilla-mobile/mozilla-vpn-client","events":[{"introduced":"0"},{"fixed":"c8578a147a7e94107ffedb4975123f949e459973"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.7.1"}]}}],"versions":["v2.0.1","v2.0.3","v2.1.0","v2.7.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0517.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}