Mozilla Foundation Security Advisory 2025-88
Security Vulnerabilities fixed in Firefox ESR 140.5
- Announced
- November 11, 2025
- Impact
- high
- Products
- Firefox ESR
- Fixed in
-
- Firefox ESR 140.5
#CVE-2025-13012: Race condition in the Graphics component
- Reporter
- Irvan Kurniawan
- Impact
- high
References
#CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component
- Reporter
- Igor Morgenstern
- Impact
- high
References
#CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component
- Reporter
- Mochammad Nosa Shandy Prastyo
- Impact
- moderate
References
#CVE-2025-13018: Mitigation bypass in the DOM: Security component
- Reporter
- Daniel Veditz
- Impact
- moderate
References
#CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component
- Reporter
- Oskar L
- Impact
- moderate
References
#CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component
- Reporter
- Masato Kinugawa
- Impact
- moderate
References
#CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component
- Reporter
- Andreas Pehrson
- Impact
- moderate
References
#CVE-2025-13014: Use-after-free in the Audio/Video component
- Reporter
- Andrew Osmond
- Impact
- moderate
References
#CVE-2025-13015: Spoofing issue in Firefox
- Reporter
- Eemeli Aro
- Impact
- low