Action not permitted
Modal body text goes here.
Modal Title
Modal Body
alsa-2025:22363
Vulnerability from osv_almalinux
Published
2025-12-01 00:00
Modified
2025-12-03 12:05
Summary
Important: firefox security update
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
- firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)
- firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)
- firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)
- firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)
- firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)
- firefox: Race condition in the Graphics component (CVE-2025-13012)
- firefox: Spoofing issue in Firefox (CVE-2025-13015)
- firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)
- firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "firefox"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "140.5.0-1.el8_10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. \n\nSecurity Fix(es): \n\n * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)\n * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)\n * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)\n * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)\n * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)\n * firefox: Race condition in the Graphics component (CVE-2025-13012)\n * firefox: Spoofing issue in Firefox (CVE-2025-13015)\n * firefox: Mitigation bypass in the DOM: Core \u0026 HTML component (CVE-2025-13013)\n * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:22363",
"modified": "2025-12-03T12:05:25Z",
"published": "2025-12-01T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:22363"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-13012"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-13013"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-13014"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-13015"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-13016"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-13017"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-13018"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-13019"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-13020"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2414079"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2414080"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2414083"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2414084"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2414085"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2414086"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2414090"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2414091"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2414092"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2025-22363.html"
}
],
"related": [
"CVE-2025-13018",
"CVE-2025-13014",
"CVE-2025-13016",
"CVE-2025-13019",
"CVE-2025-13020",
"CVE-2025-13012",
"CVE-2025-13015",
"CVE-2025-13013",
"CVE-2025-13017"
],
"summary": "Important: firefox security update"
}
CVE-2025-13016 (GCVE-0-2025-13016)
Vulnerability from cvelistv5 – Published: 2025-11-11 15:47 – Updated: 2026-04-13 14:26
VLAI?
EPSS
Title
Incorrect boundary conditions in the JavaScript: WebAssembly component
Summary
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.
Severity ?
7.5 (High)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.5 , ≤ 140.*
(rpm)
Unaffected: 145 , ≤ * (rpm) |
|||||||
|
|||||||||
Credits
Igor Morgenstern
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T15:12:45.698841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T14:51:51.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Igor Morgenstern"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5."
}
],
"value": "Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:26:21.119Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1992130"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/"
}
],
"title": "Incorrect boundary conditions in the JavaScript: WebAssembly component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-13016",
"datePublished": "2025-11-11T15:47:14.370Z",
"dateReserved": "2025-11-11T15:12:13.864Z",
"dateUpdated": "2026-04-13T14:26:21.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13014 (GCVE-0-2025-13014)
Vulnerability from cvelistv5 – Published: 2025-11-11 15:47 – Updated: 2026-04-13 14:26
VLAI?
EPSS
Title
Use-after-free in the Audio/Video component
Summary
Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.
Severity ?
8.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.30 , ≤ 115.*
(rpm)
Unaffected: 140.5 , ≤ 140.* (rpm) Unaffected: 145 , ≤ * (rpm) |
|||||||
|
|||||||||
Credits
Andrew Osmond
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T15:33:45.863353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T15:00:09.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.30",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andrew Osmond"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5."
}
],
"value": "Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:26:38.013Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994241"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-89/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/"
}
],
"title": "Use-after-free in the Audio/Video component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-13014",
"datePublished": "2025-11-11T15:47:12.313Z",
"dateReserved": "2025-11-11T15:12:08.629Z",
"dateUpdated": "2026-04-13T14:26:38.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13017 (GCVE-0-2025-13017)
Vulnerability from cvelistv5 – Published: 2025-11-11 15:47 – Updated: 2026-04-13 14:26
VLAI?
EPSS
Title
Same-origin policy bypass in the DOM: Notifications component
Summary
Same-origin policy bypass in the DOM: Notifications component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.
Severity ?
8.1 (High)
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.5 , ≤ 140.*
(rpm)
Unaffected: 145 , ≤ * (rpm) |
|||||||
|
|||||||||
Credits
Mochammad Nosa Shandy Prastyo
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T15:14:51.986912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T14:48:48.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mochammad Nosa Shandy Prastyo"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Same-origin policy bypass in the DOM: Notifications component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5."
}
],
"value": "Same-origin policy bypass in the DOM: Notifications component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:26:28.500Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980904"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/"
}
],
"title": "Same-origin policy bypass in the DOM: Notifications component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-13017",
"datePublished": "2025-11-11T15:47:16.109Z",
"dateReserved": "2025-11-11T15:12:15.878Z",
"dateUpdated": "2026-04-13T14:26:28.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13018 (GCVE-0-2025-13018)
Vulnerability from cvelistv5 – Published: 2025-11-11 15:47 – Updated: 2026-04-13 14:26
VLAI?
EPSS
Title
Mitigation bypass in the DOM: Security component
Summary
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.
Severity ?
8.1 (High)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.5 , ≤ 140.*
(rpm)
Unaffected: 145 , ≤ * (rpm) |
|||||||
|
|||||||||
Credits
Daniel Veditz
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T15:10:48.076563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T14:48:17.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Veditz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5."
}
],
"value": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:26:30.229Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984940"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/"
}
],
"title": "Mitigation bypass in the DOM: Security component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-13018",
"datePublished": "2025-11-11T15:47:16.458Z",
"dateReserved": "2025-11-11T15:12:17.945Z",
"dateUpdated": "2026-04-13T14:26:30.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13013 (GCVE-0-2025-13013)
Vulnerability from cvelistv5 – Published: 2025-11-11 15:47 – Updated: 2026-04-13 14:26
VLAI?
EPSS
Title
Mitigation bypass in the DOM: Core & HTML component
Summary
Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.
Severity ?
6.1 (Medium)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.30 , ≤ 115.*
(rpm)
Unaffected: 140.5 , ≤ 140.* (rpm) Unaffected: 145 , ≤ * (rpm) |
|||||||
|
|||||||||
Credits
Masato Kinugawa
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T15:35:19.621478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T15:00:27.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.30",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Masato Kinugawa"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mitigation bypass in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5."
}
],
"value": "Mitigation bypass in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:26:34.039Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1991945"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-89/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/"
}
],
"title": "Mitigation bypass in the DOM: Core \u0026 HTML component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-13013",
"datePublished": "2025-11-11T15:47:11.849Z",
"dateReserved": "2025-11-11T15:12:05.806Z",
"dateUpdated": "2026-04-13T14:26:34.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13019 (GCVE-0-2025-13019)
Vulnerability from cvelistv5 – Published: 2025-11-11 15:47 – Updated: 2026-04-13 14:26
VLAI?
EPSS
Title
Same-origin policy bypass in the DOM: Workers component
Summary
Same-origin policy bypass in the DOM: Workers component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.
Severity ?
8.1 (High)
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.5 , ≤ 140.*
(rpm)
Unaffected: 145 , ≤ * (rpm) |
|||||||
|
|||||||||
Credits
Oskar L
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T14:59:56.437129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T14:47:26.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Oskar L"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Same-origin policy bypass in the DOM: Workers component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5."
}
],
"value": "Same-origin policy bypass in the DOM: Workers component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:26:31.931Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1988412"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/"
}
],
"title": "Same-origin policy bypass in the DOM: Workers component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-13019",
"datePublished": "2025-11-11T15:47:16.759Z",
"dateReserved": "2025-11-11T15:12:20.399Z",
"dateUpdated": "2026-04-13T14:26:31.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13012 (GCVE-0-2025-13012)
Vulnerability from cvelistv5 – Published: 2025-11-11 15:47 – Updated: 2026-04-13 14:26
VLAI?
EPSS
Title
Race condition in the Graphics component
Summary
Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.
Severity ?
7.5 (High)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.30 , ≤ 115.*
(rpm)
Unaffected: 140.5 , ≤ 140.* (rpm) Unaffected: 145 , ≤ * (rpm) |
|||||||
|
|||||||||
Credits
Irvan Kurniawan
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T15:37:17.364224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T15:00:50.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.30",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Irvan Kurniawan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5."
}
],
"value": "Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:26:13.190Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1991458"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-89/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/"
}
],
"title": "Race condition in the Graphics component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-13012",
"datePublished": "2025-11-11T15:47:11.434Z",
"dateReserved": "2025-11-11T15:12:03.494Z",
"dateUpdated": "2026-04-13T14:26:13.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13020 (GCVE-0-2025-13020)
Vulnerability from cvelistv5 – Published: 2025-11-11 15:47 – Updated: 2026-04-13 14:26
VLAI?
EPSS
Title
Use-after-free in the WebRTC: Audio/Video component
Summary
Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.
Severity ?
8.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.5 , ≤ 140.*
(rpm)
Unaffected: 145 , ≤ * (rpm) |
|||||||
|
|||||||||
Credits
Andreas Pehrson
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T14:56:55.388656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T14:47:09.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andreas Pehrson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5."
}
],
"value": "Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:26:35.933Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1995686"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/"
}
],
"title": "Use-after-free in the WebRTC: Audio/Video component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-13020",
"datePublished": "2025-11-11T15:47:17.203Z",
"dateReserved": "2025-11-11T15:12:22.873Z",
"dateUpdated": "2026-04-13T14:26:35.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13015 (GCVE-0-2025-13015)
Vulnerability from cvelistv5 – Published: 2025-11-11 15:47 – Updated: 2026-04-13 14:26
VLAI?
EPSS
Title
Spoofing issue in Firefox
Summary
Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30.
Severity ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
Credits
Eemeli Aro
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13015",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T15:30:38.052400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T14:57:10.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.30",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.5",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "145",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Eemeli Aro"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30."
}
],
"value": "Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:26:40.252Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1994164"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-89/"
}
],
"title": "Spoofing issue in Firefox"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-13015",
"datePublished": "2025-11-11T15:47:12.707Z",
"dateReserved": "2025-11-11T15:12:11.401Z",
"dateUpdated": "2026-04-13T14:26:40.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…