FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

firefox -- Use-after-free

Affected packages
	firefox	<	145.0.0,2
	firefox-esr	<	140.5

Details

VuXML ID	c894635c-c0b6-11f0-ab42-b42e991fc52e
Discovery	2025-11-11
Entry	2025-11-13

https://bugzilla.mozilla.org/show_bug.cgi?id=1995686 reports:

Use-after-free in the WebRTC: Audio/Video component.

Same-origin policy bypass in the DOM: Workers component.

Mitigation bypass in the DOM: Security component.

Same-origin policy bypass in the DOM: Notifications component.

Incorrect boundary conditions in the JavaScript: WebAssembly component.

Spoofing issue in Firefox.

Use-after-free in the Audio/Video component.

Mitigation bypass in the DOM: Core and HTML component.

Race condition in the Graphics component.

[source]

References

CVE Name	CVE-2025-13012
CVE Name	CVE-2025-13013
CVE Name	CVE-2025-13014
CVE Name	CVE-2025-13015
CVE Name	CVE-2025-13016
CVE Name	CVE-2025-13017
CVE Name	CVE-2025-13018
CVE Name	CVE-2025-13019
CVE Name	CVE-2025-13020
URL	https://cveawg.mitre.org/api/cve/CVE-2025-13012
URL	https://cveawg.mitre.org/api/cve/CVE-2025-13013
URL	https://cveawg.mitre.org/api/cve/CVE-2025-13014
URL	https://cveawg.mitre.org/api/cve/CVE-2025-13015
URL	https://cveawg.mitre.org/api/cve/CVE-2025-13016
URL	https://cveawg.mitre.org/api/cve/CVE-2025-13017
URL	https://cveawg.mitre.org/api/cve/CVE-2025-13018
URL	https://cveawg.mitre.org/api/cve/CVE-2025-13019
URL	https://cveawg.mitre.org/api/cve/CVE-2025-13020