CVE-2025-13017

8.1 HIGH

📋 TL;DR

This CVE describes a same-origin policy bypass in the DOM Notifications component shared by Mozilla's Firefox and Thunderbird. A malicious website can read data belonging to another origin, which the same-origin policy is supposed to prevent. It affects Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR on any version below the fixed releases listed below.

💻 Affected Systems

Products:
  • Firefox
  • Firefox ESR
  • Thunderbird
  • Thunderbird ESR
Versions: Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, Thunderbird ESR < 140.5
Operating Systems: Windows, Linux, macOS, Android (Firefox for iOS is built on Apple's WebKit rather than Gecko and is not listed as affected)
Default Config Vulnerable: ⚠️ Yes
Notes: All standard installations are vulnerable. No special configurations required for exploitation.

📦 What is this software?

Firefox is Mozilla's web browser, built on the Gecko engine. Thunderbird is Mozilla's email and calendar client and is built on the same Gecko platform, which is why a DOM-level bug in the browser engine also affects it. The ESR (Extended Support Release) lines of both products receive security fixes only, on a longer support cycle; 140.x is the ESR line at the time of this advisory.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Cross-origin data theft at scale: a malicious page reads data that other origins exposed to the DOM, including session material, personal information, and credentials held by sites open in other tabs or windows.

🟠 Likely Case

Targeted data theft from specific sites the victim is logged into, leading to account takeover or privacy violations.

🟢 If Mitigated

Once patched, the bypass is closed. Before that, browser settings do not address the bug itself; limiting exposure to untrusted web content reduces the chance of reaching a malicious page, but any cross-origin data in the session remains at risk on an unpatched build.

🌐 Internet-Facing: HIGH - Web browsers are inherently internet-facing and users regularly visit multiple websites.
🏢 Internal Only: MEDIUM - Internal web applications could be targeted if users access them alongside malicious content.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires the user to visit a malicious website in a vulnerable build; no authentication or special permissions are needed beyond that.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 145+, Firefox ESR 140.5+, Thunderbird 145+, Thunderbird ESR 140.5+

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-87/

Restart Required: Yes

Instructions:

1. Open Firefox/Thunderbird.
2. Click menu → Help → About Firefox/Thunderbird.
3. Allow the automatic update check and installation.
4. Restart the application when prompted.

On Linux, distribution packages of Firefox and Thunderbird are usually updated through the package manager (apt, dnf, and so on) rather than the About dialog; the same applies to Snap and Flatpak installs.

🔧 Temporary Workarounds

Disable Notifications (platforms: all)

Temporarily disable web notifications to reduce exposure of the vulnerable component. Mozilla has not stated that this blocks the bug, so treat it as defence in depth, not a substitute for the patch.

In Firefox: about:preferences#privacy → Permissions → Notifications → Settings → Block new requests asking to allow notifications. This only stops new permission prompts; sites already granted notification permission keep it unless you remove them from the same list. Setting dom.webnotifications.enabled to false in about:config disables the Notification API entirely.

Use Private Browsing (platforms: all)

Private windows discard cookies and site data when closed, which limits what persisted cross-origin data is available to read. They do not prevent the bypass: any site you log into inside the private window is exposed to a malicious page opened in the same session.

Ctrl+Shift+P (Windows/Linux) or Cmd+Shift+P (macOS)
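The notification lockdown from the first workaround, expressed as a Firefox enterprise policy so it can be pushed to a fleet instead of being set per profile. This is an added example and not from the page or from Mozilla's advisory; BlockNewRequests under Permissions → Notifications and the Preferences policy with dom.webnotifications.enabled are existing Firefox policy keys, while the choice to use both together is the editor's. Whether this blocks the bug is an assumption, since Mozilla has not said so.

```json
{
  "policies": {
    "Permissions": {
      "Notifications": {
        "BlockNewRequests": true,
        "Locked": true
      }
    },
    "Preferences": {
      "dom.webnotifications.enabled": {
        "Value": false,
        "Status": "locked"
      }
    }
  }
}
```

Save as policies.json in the distribution directory of the install (Windows: `<install dir>\distribution\policies.json`; macOS: `Firefox.app/Contents/Resources/distribution/policies.json`; Linux: `/etc/firefox/policies/policies.json` or `<install dir>/distribution/policies.json`) and confirm it loaded under about:policies. Locking the preference keeps users from re-enabling the API in about:config. Thunderbird reads the same file format from its own install directory but honours a smaller set of policies, so check its policy template before relying on the Permissions block there.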

🧯 If You Can't Patch

  • Restrict browser usage to trusted websites only
  • Implement network filtering to block access to potentially malicious domains

🔍 How to Verify

Check if Vulnerable:

Check browser version in About dialog. If version is below patched versions listed above, system is vulnerable.

Check Version:

Firefox: about:support → Application Basics → Version. Thunderbird: Help → About Thunderbird. From a shell, `firefox --version` and `thunderbird --version` print the installed version (ESR builds print a version ending in "esr", e.g. 140.4.0esr), which is convenient for scripted checks across a fleet.

Verify Fix Applied:

Confirm version is Firefox 145+, Firefox ESR 140.5+, Thunderbird 145+, or Thunderbird ESR 140.5+

📡 Detection & Monitoring

Log Indicators:

  • Unusual cross-origin requests in web server logs (a weak signal: the bypass happens inside the victim's browser, and the cross-origin reads it enables arrive as ordinary-looking requests from the victim's own address)
  • Multiple notification permission requests from the same site (visible only client-side, for example in endpoint tooling, not in web server logs)

Network Indicators:

  • Suspicious JavaScript loading patterns
  • Unexpected cross-domain API calls

No indicator specific to this CVE has been published. The dependable server-side signal is an inventory of clients still presenting a pre-fix Firefox version, which the query below produces.

SIEM Query:

The following is pseudo-syntax to adapt to your platform. Two caveats: the URL clause restricts results to paths containing "notification" and will miss most traffic, so drop it for a plain client inventory; and the Firefox user agent carries only the major version (140.4 and 140.5 both send "Firefox/140.0"), so 140.x ESR clients cannot be sorted into patched and unpatched from logs alone.

web.url CONTAINS 'notification' AND web.status_code = 200 AND user_agent CONTAINS 'Firefox' AND user_agent VERSION < '145'
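An added Python example, not code from this page or from Mozilla, that covers both the version check under How to Verify and the client-inventory side of detection: it classifies `firefox --version` / `thunderbird --version` output against the fixed versions stated above, and scans constructed combined-format access log lines for Firefox clients whose user agent shows an unpatched major version. The thresholds (145 for the release line, 140.5 for ESR) are the ones this page lists; the log lines are constructed samples, not real traffic; and the "Firefox/<major>.0" user-agent format is Firefox's own behaviour, which is why 140.x clients come back as undetermined rather than patched or vulnerable.

```python
import re
from collections import defaultdict

# Fixed versions as listed on this page: release line fixed in 145,
# ESR line (140.x) fixed in 140.5. Firefox and Thunderbird share the numbering.
RELEASE_FIXED_MAJOR = 145
ESR_MAJOR = 140
ESR_FIXED_MINOR = 5


def parse_version(text: str) -> tuple[int, ...]:
    """Pull the first dotted version out of --version output such as
    'Mozilla Firefox 144.0.2' or 'Thunderbird 140.4.0esr'."""
    m = re.search(r"(\d+(?:\.\d+)*)", text)
    if m is None:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def local_status(version_text: str) -> str:
    """Classify `firefox --version` / `thunderbird --version` output as
    'patched' or 'vulnerable' against the thresholds above."""
    parts = parse_version(version_text)
    major = parts[0]
    minor = parts[1] if len(parts) > 1 else 0
    if major >= RELEASE_FIXED_MAJOR:
        return "patched"
    if major == ESR_MAJOR:
        # 140.x is the ESR branch: 140.5 and later carry the fix.
        return "patched" if minor >= ESR_FIXED_MINOR else "vulnerable"
    # 141-144 are unpatched release builds; anything older than 140 is
    # below every fixed version this page lists.
    return "vulnerable"


UA_FIREFOX = re.compile(r"Firefox/(\d+)\.")
UA_FIELD = re.compile(r'"([^"]*)"\s*$')   # last quoted field of a combined-format line


def ua_status(user_agent: str) -> str:
    """Classify a User-Agent header. Firefox sends only the major version
    (140.4 and 140.5 both send 'Firefox/140.0'), so the ESR line cannot be
    resolved from server logs and is reported as 'undetermined'."""
    m = UA_FIREFOX.search(user_agent)
    if m is None:
        return "not-firefox"
    major = int(m.group(1))
    if major >= RELEASE_FIXED_MAJOR:
        return "patched"
    if major == ESR_MAJOR:
        return "undetermined"
    return "vulnerable"


def scan_log(lines):
    """Group client IPs from combined-format access log lines by UA status."""
    groups = defaultdict(list)
    for line in lines:
        m = UA_FIELD.search(line)
        if m is None:
            continue  # not a combined-format line, nothing to classify
        client_ip = line.split(" ", 1)[0]
        groups[ua_status(m.group(1))].append(client_ip)
    return dict(groups)


# Constructed sample log lines (not real traffic), one client each.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Nov/2025:09:14:02 +0000] "GET /app/ HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:144.0) Gecko/20100101 Firefox/144.0"',
    '10.0.0.7 - - [12/Nov/2025:09:15:11 +0000] "GET /app/ HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0"',
    '10.0.0.9 - - [12/Nov/2025:09:16:30 +0000] "GET /app/ HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:145.0) Gecko/20100101 Firefox/145.0"',
    '10.0.0.11 - - [12/Nov/2025:09:17:45 +0000] "GET /app/ HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) '
    'Chrome/142.0.0.0 Safari/537.36"',
]


if __name__ == "__main__":
    for v in ("Mozilla Firefox 144.0.2", "Mozilla Firefox 140.4.0esr", "Thunderbird 140.5.0esr"):
        print(f"{v:32} -> {local_status(v)}")
    for status, ips in scan_log(SAMPLE_LOG).items():
        print(f"{status:13} {', '.join(ips)}")
```

Feed `scan_log` your real access log and follow up the "undetermined" group with the local `--version` check, since that is the only way to tell 140.4 from 140.5 on the ESR line.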

🔗 References

  • Mozilla Foundation Security Advisory: https://www.mozilla.org/security/advisories/mfsa2025-87/
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-13017