Mitigation Bypass in Firefox Core and HTML Component
CVE-2025-13013

6.1MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-13013?

This vulnerability allows attackers to bypass security mitigations in the DOM, affecting the core and HTML components of the Firefox browser. It poses significant risks to users on Firefox versions below 145, as well as those using Firefox ESR versions lower than 140.5 and 115.30. Users are advised to upgrade to secure versions to protect against potential exploitation.

Affected Version(s)

Firefox < 145

Firefox ESR < 140.5

Firefox ESR < 115.30

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1991945

https://www.mozilla.org/security/advisories/mfsa2025-87/

https://www.mozilla.org/security/advisories/mfsa2025-88/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Nov 11, 2025

Credit

Masato Kinugawa

JSON