Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-13019

Опубликовано: 11 нояб. 2025
Источник: redhat
CVSS3: 6.1

Описание

Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the DOM: Workers component.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10rhel10/firefox-flatpakAffected
Red Hat Enterprise Linux 10rhel10/thunderbird-flatpakAffected
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7thunderbirdOut of support scope
Red Hat Enterprise Linux 10firefoxFixedRHSA-2025:2128113.11.2025
Red Hat Enterprise Linux 10thunderbirdFixedRHSA-2025:2184320.11.2025
Red Hat Enterprise Linux 10.0 Extended Update SupportfirefoxFixedRHSA-2025:2112012.11.2025
Red Hat Enterprise Linux 10.0 Extended Update SupportthunderbirdFixedRHSA-2025:2184420.11.2025
Red Hat Enterprise Linux 7 Extended Lifecycle SupportfirefoxFixedRHSA-2025:2237101.12.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-346
https://bugzilla.redhat.com/show_bug.cgi?id=2414084firefox: thunderbird: Same-origin policy bypass in the DOM: Workers component

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-13019

CVSS3: 8.1
ubuntu
5 месяцев назад

Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.

nvd логотип

CVE-2025-13019

CVSS3: 8.1
nvd
5 месяцев назад

Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.

debian логотип

CVE-2025-13019

CVSS3: 8.1
debian
5 месяцев назад

Same-origin policy bypass in the DOM: Workers component. This vulnerab ...

github логотип

GHSA-mv5g-cf64-38cv

CVSS3: 8.1
github
5 месяцев назад

Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.

fstec логотип

BDU:2025-14545

CVSS3: 5.4
fstec
5 месяцев назад

Уязвимость компонента DOM: Workers браузеров Mozilla Firefox и Firefox ESR, позволяющая нарушителю обойти существующие ограничения безопасности

6.1 Medium

CVSS3