Spoofing Vulnerability in Mozilla Firefox Affects Multiple Versions
CVE-2025-13015

3.4LOW

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-13015?

A spoofing vulnerability exists in Mozilla Firefox, allowing attackers to manipulate the browser's behavior and potentially deceive users. This issue affects various versions of Firefox, including those prior to 145, as well as certain Extended Support Release (ESR) versions. Users are encouraged to apply the latest updates and follow security best practices to mitigate risks associated with this vulnerability.

Affected Version(s)

Firefox < 145

Firefox ESR < 140.5

Firefox ESR < 115.30

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1994164

https://www.mozilla.org/security/advisories/mfsa2025-87/

https://www.mozilla.org/security/advisories/mfsa2025-88/

CVSS V3.1

Score:

3.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Nov 11, 2025

Credit

Eemeli Aro

JSON