CVE-2025-13017
HIGHDescription
Same-origin policy bypass in the DOM: Notifications component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.
Is your site exposed to CVE-2025-13017?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| mozilla | firefox |
| mozilla | firefox |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-13017? +
How severe is CVE-2025-13017? +
What products are affected by CVE-2025-13017? +
How do I check if I'm vulnerable to CVE-2025-13017? +
Related Vulnerabilities
claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper …
In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability …
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFS_CORS_ALLOWED_ORIGINS is unset, the RustFS S3 …
Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase, we implemented `allowed-origins` and `allowed-hosts` flags to …
In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability …
Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to …