Race Condition Leads to Privacy Leak in Mozilla Products
CVE-2025-1013

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 4 February 2025

Summary

A race condition in Mozilla's Firefox and Thunderbird products may allow private browsing tabs to unintentionally open in standard browsing windows. This behavior can result in confidential information being exposed, potentially compromising user privacy. Affected versions include Firefox versions prior to 135, Firefox ESR below 128.7, and Thunderbird versions under 128.7 and 135. Users are advised to update their applications to the latest versions to mitigate this risk.

Affected Version(s)

Firefox < 135

Firefox ESR < 128.7

Thunderbird < 128.7

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1932555

https://www.mozilla.org/security/advisories/mfsa2025-07/

https://www.mozilla.org/security/advisories/mfsa2025-09/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Feb 4, 2025

Credit

Maruf Bin Murtuza