CVE-2025-13019
BaseFortify
Publication date: 2025-11-11
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 140.5.0 (exc) |
| mozilla | firefox | to 145.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-942 | The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a same-origin policy bypass in the DOM Workers component of Firefox. It affects versions of Firefox before 145 and Firefox ESR before 140.5. The same-origin policy is a critical security mechanism that restricts how documents or scripts loaded from one origin can interact with resources from another origin. A bypass means that an attacker could potentially circumvent these restrictions, leading to unauthorized access or interaction between different origins in the browser.
How can this vulnerability impact me? :
This vulnerability could allow an attacker to bypass the same-origin policy in affected versions of Firefox, potentially enabling unauthorized access to sensitive information or interaction between different web origins. This could lead to data leakage, unauthorized actions on behalf of the user, or other security breaches within the browser environment.