Mozilla VPN

Freud2004

Level 10
Verified
Well-known
Jun 26, 2020
440
Very standard interface:

1612381644035.png
 
Last edited by a moderator:

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
It seems they use Mullvad, at this point I can't see any advantage over using the Mozilla offering over Mullvad which to me is one of if not the best VPN - Mozilla are asking for volunteers to help run the project, there may be advantages of using Mozilla I'm not aware of though Mozilla require a email where Mullvad require no information.

Mozilla VPN
 

n8chavez

Level 16
Well-known
Feb 26, 2021
757
It seems they use Mullvad, at this point I can't see any advantage over using the Mozilla offering over Mullvad which to me is one of if not the best VPN - Mozilla are asking for volunteers to help run the project, there may be advantages of using Mozilla I'm not aware of though Mozilla require a email where Mullvad require no information.

Mozilla VPN

That's exactly right. I beta-tested for them, when it was still not yet done baking, and I just couldn't see any advantages to using it versus Mullvad. There weren't any then and there doesn't seem to any reason if you are choosing between the two to not just use mullvad. This whole thing is odd; Mozilla rents from Mullvad which rents servers and bandwidth. Why not just eliminate the middle man and use Mullvad? Am I missing something here?
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,670
That's exactly right. I beta-tested for them, when it was still not yet done baking, and I just couldn't see any advantages to using it versus Mullvad. There weren't any then and there doesn't seem to any reason if you are choosing between the two to not just use mullvad. This whole thing is odd; Mozilla rents from Mullvad which rents servers and bandwidth. Why not just eliminate the middle man and use Mullvad? Am I missing something here?
Brand recognition. Malwarebytes also repackages Mullvad. Both Mozilla and Malwarebytes are known recognizable brands to the less tech savvy. It’s a win win for the two companies involved.
 

rain2reign

Level 8
Verified
Well-known
Jun 21, 2020
363
Exactly, I would normally also use the argument "why not eliminate the middle-man?", but the problem is the majority of the users on the internet are not tech-savvy. Yes, they can do their own research. However, for those users it's like reading Chinese while being drunk in a manner of speech. Brands like Mozilla due to Firefox, Malwarebytes, Microsoft, Apple, Samsung and you name another thousand brands to add to the list, have more exposure and thus by default more trust from those users (consumers).

Not that I'd disagree with said argument, but they simply don't know enough or understand enough about the subject to make such a decision. "Why go to the Company A, while you can pay Company B to deal with it for you"
 

n8chavez

Level 16
Well-known
Feb 26, 2021
757
Brand recognition. Malwarebytes also repackages Mullvad. Both Mozilla and Malwarebytes are known recognizable brands to the less tech savvy. It’s a win win for the two companies involved.

I get that. Although I guess I just assumed people that are more technically inclined are Firefox's target audience (more comfortable with things like about:config and other security/privacy tweaks.) The Mozilla market share would indicate that's true. If that's the case, wouldn't that share target audience, those that are aware of, and the need for, VPNs in the first place, also be aware of mullvad? I'm just thinking out loud here...
 

rain2reign

Level 8
Verified
Well-known
Jun 21, 2020
363
I get that. Although I guess I just assumed people that are more technically inclined are Firefox's target audience (more comfortable with things like about:config and other security/privacy tweaks.) The Mozilla market share would indicate that's true. If that's the case, wouldn't that share target audience, those that are aware of, and the need for, VPNs in the first place, also be aware of mullvad? I'm just thinking out loud here...
You're absolute right. Also coming with the fact that Mozilla has nothing to gain from entering the already oversaturated VPN market, even if they physically hosted all their servers for the VPN service. They require an email and credit card information to boot too, which Mullvad does not. Noting down that technically Mullvad can trace you back too to a degree. By reading the account ID generated for you with the account(s) used to pay for the service use, but they don't require any other information aside from the moment you pay up.

And that the tech-savvy people know the subject, as well as know/will find out that Mullvad is a vpn service provider themselves. I just find it the most odd decision that they decided to make a vpn service, in my eyes don't have any right of existence in the VPN eco-system, unless they started to physically host the servers themselves.

I get that they need to make money too and fast... But a white labeled VPN service? I feel insulted for some reason. :LOL:
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
9,962
Today, we’re launching two new features to give you an added layer of protection with our trusted Mozilla VPN service. Mozilla has a reputation for building products that help you keep your information safe. These new features will help users do the following:

For those who watch out for unsecure networks

If you’re someone who keeps our Mozilla VPN service off and prefers to manually turn it on yourself, this feature will help you out. We’ll notify you when you’ve joined a network that is not password protected or has weak encryptions. By just clicking on the notification you can turn the Mozilla VPN service on, giving you an added layer of protection ensuring every conversation you have is encrypted over the network. This feature is available on Windows, Linux, Mac, Android and iOS platforms.

For those at home, who want to keep all your devices connected

Occasionally, you might need to print out forms for an upcoming doctor visit or your kid’s worksheets to keep them busy. Now, we’ve added Local Area Network Access, so your devices can talk with each other without having to turn off your VPN. Just make sure that the box is checked in Network Settings when you are on your home network. This feature is available on Windows, Linux, Mac and Android platforms.
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
'Occasionally, you might need to print out forms for an upcoming doctor visit or your kid’s worksheets to keep them busy' Are they for real?

Apart from the fact Mullvad has this option for as long as I've used it as do most VPN's it's not just printing which I do a lot of (not just doctor appointments??) Programs such as Sonos desk application don't function without it - Mozilla have pushed out an unfinished VPN in my opinion - What it needs I feel as does Mullvad is split tunnelling.
 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,281
Mozilla's virtual private network (VPN) service has arrived in seven more countries, including Austria, Belgium, France, Germany, Italy, Spain and Switzerland.

The expansion is a big move for the Firefox browser-maker, which launched its VPN in summer 2020 in the US, UK, Canada, New Zealand, Singapore, and Malaysia. The service is available for Windows 10, macOS, Linux, Android, and iOS and uses the WireGuard protocol. Mozilla lets users connect up to five devices and currently has over 400 servers in over 30 countries.

The VPN market has grown considerably over the past few years as consumers realize the value of additional privacy, partly driven by Edward Snowden's leaks about US mass surveillance.

VPNs let users encrypt traffic between a device, the VPN's servers, and the website a user wants to connect to. That makes them useful for preventing snoops on the same public Wi-Fi networks at cafes and airports from capturing your credentials.

The rest
 

Gandalf_The_Grey

Level 75
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,444
Mozilla VPN Security Audit
To provide transparency into our ongoing efforts to protect your privacy and security on the Internet, we are releasing a security audit of Mozilla VPN that Cure53 conducted earlier this year.

The scope of this security audit included the following products:

Mozilla VPN Qt5 App for macOS
Mozilla VPN Qt5 App for Linux
Mozilla VPN Qt5 App for Windows
Mozilla VPN Qt5 App for iOS
Mozilla VPN Qt5 App for Android
Here’s a summary of the items discovered within this security audit that were medium or higher severity:
  • FVP-02-014: Cross-site WebSocket hijacking (High)
    • Mozilla VPN client, when put in debug mode, exposes a WebSocket interface to localhost to trigger events and retrieve logs (most of the functional tests are written on top of this interface). The WebSocket interface was used only for testing builds and does not affect our customers.
  • FVP-02-001: VPN leak via captive portal detection (Medium)
    • Mozilla VPN client allows sending unencrypted HTTP requests outside of the tunnel to specific IP addresses, particularly if the captive portal detection mechanism has been activated through settings. However, the captive portal detection algorithm requires a plain-text HTTP trusted endpoint to operate. Firefox, Chrome, the network manager of MacOS and many applications have a similar solution enabled by default. Mozilla VPN utilizes the Firefox endpoint.

  • FVP-02-016: Auth code could be leaked by injecting port (Medium)
    • When a user wants to log into Mozilla VPN, the VPN client will make a request to Please return to the Mozilla VPN app to obtain an authorization URL. The endpoint takes a port parameter that will be reflected in a <img> element after the user signs into the web page. It was found that the port parameter could be of an arbitrary value. Further, it was possible to inject the @ sign, so that the request will go to an arbitrary host instead of localhost. We fixed this issue by improving the port number parsing in the REST API component. The fix includes several tests to prevent similar errors in the future.
If you’d like to read the detailed report from Cure53, including all low and informational items, you can find it here.

More information on the issues identified in this report, including links to the actual code fixes, can be found in our MFSA2021-31 Security Advisory published on July 14th, 2021.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
9,962

Mozilla VPN boosted with multi-hop, blocking and custom DNS features​

Mozilla introduced new privacy features to its VPN service, Mozilla VPN, earlier this week. The organization launched Mozilla VPN back in June 2020 in select regions and has expanded the availability since then.

Mozilla partnered with Mullvad, a Swedish company, and uses the company's infrastructure for its own Mozilla VPN product.

Mozilla VPN lacked some of the features of Mullvad's own VPN client, such as support for multi-hop connections or the integrated content blocker.

The update that Mozilla released this week introduces support for these features in the VPN client.

Mozilla's official blog highlights the three new privacy features.
 

n8chavez

Level 16
Well-known
Feb 26, 2021
757
Mozilla VPN is just dumb. They resell Mullvad is cheaper, so why not just use Mullvad? Firefox VPN offers nothing new, since even multihop can be done with mullvad. Paying more for the same thing doesn't make any sense.
 
Last edited:

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
9,962
Some Mozilla Firefox users have received popup advertisement in the browser recently. Mozilla used the ad to promote its own Mozilla VPN service to users of the browser. The campaign has now been suspended by the company.

The advertisement that users saw in Firefox came out of the blue for users. Some noted that their browser windows became unresponsive for a time before the popup ad was shown to them. The advertisement itself promoted Mozilla VPN with a 20% discount code. The ad did not include a close option that would permanently shut it down, only a "not now" option, which many companies seem to favor these days to give their users no option to say "no, thanks".

A bug report was created on Bugzilla, Mozilla's official bug tracking site. Several threads on Mozilla's official support site were also created, see here and here as examples.
 

Gandalf_The_Grey

Level 75
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,444
Mozilla stops displaying full-screen VPN ads within Firefox after backlash
"Thank you for reaching out with your concern. Firefox is committed to creating an online experience that puts people first, as such we quickly stopped running the ad experience, and are reviewing internally."
"We’re continuously working to understand the best ways to communicate with people who use Firefox. Ultimately, we accomplished the exact opposite of what we intended in this experiment and quickly rolled the experience back. We apologize for any confusion or concern."
 

Zappathustra

Level 2
Jul 1, 2019
47
Mozilla VPN is just dumb. They resell Mullvad is cheaper, so why not just use Mullvad? Firefox VPN offers nothing new, since even multihop can be done with mullvad. Paying more for the same thing doesn't make any sense.
Does Mullvad VPN offers the ability to assign automatically a different location for each container in the browser?

BTW, to disable this or future nasty advertisements (Mozilla makes stupid decisions, indeed)

type about:config or open user.js file and

Code:
user_pref("browser.vpn_promo.enabled", false);
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top