PT-2025-46359 · Mozilla+8 · Firefox Esr+9

Oskar L

Published

2025-11-11

Updated

2026-02-02

CVE-2025-13019

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 145 Firefox ESR versions prior to 140.5

Description A same-origin policy bypass exists in the DOM: Workers component. This allows for potential unauthorized access or manipulation of data due to insufficient restrictions on cross-origin interactions.

Recommendations Update Firefox to version 145 or later. Update Firefox ESR to version 140.5 or later.

Fix

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-942CWE-693

Related Identifiers

ALSA-2025:21280

ALSA-2025:21281

ALSA-2025:21843

ALSA-2025:21881

ALSA-2025:22363

ALT-PU-2025-14358

ALT-PU-2025-14554

ALT-PU-2025-14878

BDU:2025-14545

CESA-2025_21881

CESA-2025_22363

CVE-2025-13019

DLA-4370-1

DLA-4372-1

DSA-6054-1

DSA-6059-1

INFSA-2025_21280

INFSA-2025_21842

INFSA-2025_21881

INFSA-2025_22363

MGASA-2025-0300

MGASA-2025-0305

OESA-2025-2770

OPENSUSE-SU-2025:15735-1

OPENSUSE-SU-2025:15738-1

OPENSUSE-SU-2025:20065-1

OPENSUSE-SU-2026:20002-1

RHSA-2025_21280

RHSA-2025_21842

RHSA-2025_21881

SUSE-SU-2025:21021-1

SUSE-SU-2025:4173-1

SUSE-SU-2025:4174-1

SUSE-SU-2025:4195-1

USN-7991-1

Affected Products

Alt Linux

Almalinux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2025-46359 · Mozilla+8 · Firefox Esr+9

CVE-2025-13019

Weakness Enumeration

Related Identifiers

Affected Products

References · 251