CVE-2025-1013
MEDIUMFirefox < 135.0 and 128.7-128.* - Privacy Leak via Race Condition in Private Browsing Tab Handling
Title source: llmDescription
A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.
References (6)
Core 6
Core References
Issue Tracking
https://bugzilla.mozilla.org/show_bug.cgi?id=1932555
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-07/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-09/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-10/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-11/
Scores
CVSS v3
6.5
EPSS
0.0025
EPSS Percentile
48.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-362
Status
published
Products (7)
mozilla/firefox
< 128.7.0
mozilla/firefox
< 135.0
Mozilla/Firefox
128.7 - 128.*
Mozilla/Firefox
135
mozilla/thunderbird
< 128.7.0
Mozilla/Thunderbird
128.7 - 128.*
Mozilla/Thunderbird
135
Published
Feb 04, 2025
Tracked Since
Feb 18, 2026