CVE-2025-1013 - Vulnerability Details

A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Mozilla	Firefox Thunderbird
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox:::::esr:::*
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7 Extended Lifecycle Support
firefox-0:128.7.0-1.el7_9	cpe:/o:redhat:rhel_els:7	RHSA-2025:1132	2025-02-06T00:00:00Z
Red Hat Enterprise Linux 8
firefox-0:128.7.0-1.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:1283	2025-02-11T00:00:00Z
thunderbird-0:128.7.0-1.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:1292	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
firefox-0:128.7.0-1.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:1133	2025-02-06T00:00:00Z
thunderbird-0:128.7.0-1.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:1348	2025-02-12T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
firefox-0:128.7.0-1.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:1135	2025-02-06T00:00:00Z
thunderbird-0:128.7.0-1.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:1339	2025-02-12T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
firefox-0:128.7.0-1.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2025:1135	2025-02-06T00:00:00Z
thunderbird-0:128.7.0-1.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2025:1339	2025-02-12T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
firefox-0:128.7.0-1.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2025:1135	2025-02-06T00:00:00Z
thunderbird-0:128.7.0-1.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2025:1339	2025-02-12T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
firefox-0:128.7.0-1.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:1136	2025-02-06T00:00:00Z
thunderbird-0:128.7.0-1.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:1341	2025-02-12T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
firefox-0:128.7.0-1.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:1136	2025-02-06T00:00:00Z
thunderbird-0:128.7.0-1.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:1341	2025-02-12T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
firefox-0:128.7.0-1.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:1136	2025-02-06T00:00:00Z
thunderbird-0:128.7.0-1.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:1341	2025-02-12T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
firefox-0:128.7.0-1.el8_8	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:1137	2025-02-06T00:00:00Z
thunderbird-0:128.7.0-1.el8_8	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:1340	2025-02-12T00:00:00Z
Red Hat Enterprise Linux 9
firefox-0:128.7.0-1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:1066	2025-02-05T00:00:00Z
thunderbird-0:128.7.0-1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:1184	2025-02-10T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
firefox-0:128.7.0-1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:1138	2025-02-06T00:00:00Z
thunderbird-0:128.7.0-1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:1319	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
firefox-0:128.7.0-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:1139	2025-02-06T00:00:00Z
thunderbird-0:128.7.0-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:1317	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
firefox-0:128.7.0-1.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:1140	2025-02-06T00:00:00Z
thunderbird-0:128.7.0-1.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:1318	2025-02-11T00:00:00Z

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1932555
https://nvd.nist.gov/vuln/detail/CVE-2025-1013
https://www.cve.org/CVERecord?id=CVE-2025-1013
https://www.mozilla.org/security/advisories/mfsa2025-07/
https://www.mozilla.org/security/advisories/mfsa2025-09/
https://www.mozilla.org/security/advisories/mfsa2025-10/
https://www.mozilla.org/security/advisories/mfsa2025-11/

History

Tue, 08 Apr 2025 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla Mozilla firefox Mozilla thunderbird
CPEs		cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:a:mozilla:firefox:::::esr:::* cpe:2.3:a:mozilla:thunderbird::::::::
Vendors & Products		Mozilla Mozilla firefox Mozilla thunderbird

Thu, 13 Feb 2025 01:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8

Fri, 07 Feb 2025 14:30:00 +0000

Type	Values Removed	Values Added
Title		firefox: thunderbird: Potential opening of private browsing tabs in normal browsing windows
First Time appeared		Redhat Redhat enterprise Linux Redhat rhel Aus Redhat rhel E4s Redhat rhel Els Redhat rhel Eus Redhat rhel Tus
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_aus:8.2 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.4 cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6 cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat Redhat enterprise Linux Redhat rhel Aus Redhat rhel E4s Redhat rhel Els Redhat rhel Eus Redhat rhel Tus
References		https://nvd.nist.gov/vuln/detail/CVE-2025-1013 https://www.cve.org/CVERecord?id=CVE-2025-1013
Metrics	threat_severity `None`	threat_severity `Low`

Tue, 04 Feb 2025 22:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-362
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 04 Feb 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description		A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
References		https://bugzilla.mozilla.org/show_bug.cgi?id=1932555 https://www.mozilla.org/security/advisories/mfsa2025-07/ https://www.mozilla.org/security/advisories/mfsa2025-09/ https://www.mozilla.org/security/advisories/mfsa2025-10/ https://www.mozilla.org/security/advisories/mfsa2025-11/

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2025-02-04T13:58:54.445Z

Updated: 2025-02-04T21:12:39.606Z

Reserved: 2025-02-04T07:26:34.165Z

Link: CVE-2025-1013

Vulnrichment

Updated: 2025-02-04T21:12:26.026Z

NVD

Status : Analyzed

Published: 2025-02-04T14:15:32.123

Modified: 2025-04-08T12:26:22.417

Link: CVE-2025-1013

Redhat

Severity : Low

Publid Date: 2025-02-04T13:58:54Z

Links: CVE-2025-1013 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1013", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-02-04T07:26:34.165Z", "datePublished": "2025-02-04T13:58:54.445Z", "dateUpdated": "2025-02-04T21:12:39.606Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "135", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "128.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "128.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "135", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135."}]}], "problemTypes": [{"descriptions": [{"description": "Potential opening of private browsing tabs in normal browsing windows", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1932555"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-07/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-09/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"}], "credits": [{"lang": "en", "value": "Maruf Bin Murtuza"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2025-02-04T13:58:54.445Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-362", "lang": "en", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-04T21:11:49.089593Z", "id": "CVE-2025-1013", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T21:12:39.606Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-1013", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-04T21:11:49.089593Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T21:12:26.026Z"}}], "cna": {"credits": [{"lang": "en", "value": "Maruf Bin Murtuza"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "135", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "128.7", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "128.7", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "135", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1932555"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-07/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-09/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"}], "descriptions": [{"lang": "en", "value": "A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.", "supportingMedia": [{"type": "text/html", "value": "A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Potential opening of private browsing tabs in normal browsing windows"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2025-02-04T13:58:54.445Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1013", "state": "PUBLISHED", "dateUpdated": "2025-02-04T21:12:39.606Z", "dateReserved": "2025-02-04T07:26:34.165Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-02-04T13:58:54.445Z", "assignerShortName": "mozilla"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "B1B11C09-3033-44F5-ACC7-591196075CB1", "versionEndExcluding": "128.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "BADF1FB6-FA36-4AD1-B176-0DD893E0CD9A", "versionEndExcluding": "135.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E4B98F4-AC9B-402A-B7D2-829373BFBD66", "versionEndExcluding": "128.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E83B28A-FF6A-4C0A-B5BD-1CE5DEC24C64", "versionEndExcluding": "135.0", "versionStartIncluding": "129.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135."}, {"lang": "es", "value": "Una condici\u00f3n ejecuci\u00f3n podr\u00eda haber provocado que se abrieran pesta\u00f1as de navegaci\u00f3n privada en ventanas de navegaci\u00f3n normales. Esto podr\u00eda haber provocado una posible fuga de privacidad. Esta vulnerabilidad afecta a Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7 y Thunderbird < 135."}], "id": "CVE-2025-1013", "lastModified": "2025-04-08T12:26:22.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-02-04T14:15:32.123", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1932555"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:1132", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "firefox-0:128.7.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1283", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:128.7.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1292", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:128.7.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1133", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:128.7.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1348", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:128.7.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1135", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:128.7.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1339", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:128.7.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1135", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "firefox-0:128.7.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1339", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:128.7.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1135", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "firefox-0:128.7.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1339", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:128.7.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1136", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "firefox-0:128.7.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1341", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "thunderbird-0:128.7.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1136", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "firefox-0:128.7.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1341", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:128.7.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1136", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "firefox-0:128.7.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1341", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "thunderbird-0:128.7.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1137", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "firefox-0:128.7.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1340", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "thunderbird-0:128.7.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1066", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.7.0-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1184", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:128.7.0-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1138", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "firefox-0:128.7.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1319", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:128.7.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1139", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "firefox-0:128.7.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1317", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "thunderbird-0:128.7.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1140", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "firefox-0:128.7.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1318", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "thunderbird-0:128.7.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-02-11T00:00:00Z"}], "bugzilla": {"description": "firefox: thunderbird: Potential opening of private browsing tabs in normal browsing windows", "id": "2343754", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343754"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-362", "details": ["A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135."], "name": "CVE-2025-1013", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-04T13:58:54Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-1013\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-1013\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1932555\nhttps://www.mozilla.org/security/advisories/mfsa2025-07/\nhttps://www.mozilla.org/security/advisories/mfsa2025-09/\nhttps://www.mozilla.org/security/advisories/mfsa2025-10/\nhttps://www.mozilla.org/security/advisories/mfsa2025-11/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Low"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object