关键信息 漏洞概述 公告日期: November 11, 2025 影响: High 产品: Firefox ESR 修复版本: Firefox ESR 140.5 漏洞详情 1. CVE-2025-13012 - 描述: Race condition in the Graphics component - 报告者: Irvan Kurniawan - 影响: High - 参考链接: Bug 1991458 2. CVE-2025-13016 - 描述: Incorrect boundary conditions in the JavaScript: WebAssembly component - 报告者: Igor Morgenstern - 影响: High - 参考链接: Bug 1992130 3. CVE-2025-13017 - 描述: Same-origin policy bypass in the DOM: Notifications component - 报告者: Mochammad Nosa Shandy Prastyo - 影响: Moderate - 参考链接: Bug 1980904 4. CVE-2025-13018 - 描述: Mitigation bypass in the DOM: Security component - 报告者: Daniel Veditz - 影响: Moderate - 参考链接: Bug 1984940 5. CVE-2025-13019 - 描述: Same-origin policy bypass in the DOM: Workers component - 报告者: Oskar L - 影响: Moderate - 参考链接: Bug 1988412 6. CVE-2025-13013 - 描述: Mitigation bypass in the DOM: Core & HTML component - 报告者: Masato Kinugawa - 影响: Moderate - 参考链接: Bug 1991945 7. CVE-2025-13020 - 描述: Use-after-free in the WebRTC: Audio/Video component - 报告者: Andreas Pehrson - 影响: Moderate - 参考链接: Bug 1995686 8. CVE-2025-13014 - 描述: Use-after-free in the Audio/Video component - 报告者: Andrew Osmond - 影响: Moderate - 参考链接: Bug 1994241 9. CVE-2025-13015 - 描述: Spoofing issue in Firefox - 报告者: Eemeli Aro - 影响: Low - 参考链接: Bug 1994164