Race Condition Leads to Privacy Leak in Mozilla Products
CVE-2025-1013

Currently unrated

Key Information:

Vendor
Mozilla
Status
Firefox
Firefox Esr
Thunderbird
Vendor
CVE Published:
4 February 2025

Summary

A race condition in Mozilla's Firefox and Thunderbird products may allow private browsing tabs to unintentionally open in standard browsing windows. This behavior can result in confidential information being exposed, potentially compromising user privacy. Affected versions include Firefox versions prior to 135, Firefox ESR below 128.7, and Thunderbird versions under 128.7 and 135. Users are advised to update their applications to the latest versions to mitigate this risk.

Affected Version(s)

Firefox < 135

Firefox ESR < 128.7

Thunderbird < 128.7

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1932555
https://www.mozilla.org/security/advisories/mfsa2025-07/
https://www.mozilla.org/security/advisories/mfsa2025-09/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Maruf Bin Murtuza
.