{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13020", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-11-11T15:12:22.873Z", "datePublished": "2025-11-11T15:47:17.203Z", "dateUpdated": "2026-04-13T14:26:35.933Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "140.5", "lessThanOrEqual": "140.*", "versionType": "rpm"}, {"status": "unaffected", "version": "145", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "140.5", "lessThanOrEqual": "140.*", "versionType": "rpm"}, {"status": "unaffected", "version": "145", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5."}]}], "title": "Use-after-free in the WebRTC: Audio/Video component", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1995686"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/"}], "credits": [{"lang": "en", "value": "Andreas Pehrson"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:26:35.933Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-11-12T14:56:55.388656Z", "id": "CVE-2025-13020", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-25T14:47:09.378Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-13020", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-12T14:56:55.388656Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T14:58:54.608Z"}}], "cna": {"title": "Use-after-free in the WebRTC: Audio/Video component", "credits": [{"lang": "en", "value": "Andreas Pehrson"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "140.5", "versionType": "rpm", "lessThanOrEqual": "140.*"}, {"status": "unaffected", "version": "145", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "140.5", "versionType": "rpm", "lessThanOrEqual": "140.*"}, {"status": "unaffected", "version": "145", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1995686"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-88/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-91/"}], "descriptions": [{"lang": "en", "value": "Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.", "supportingMedia": [{"type": "text/html", "value": "Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:26:35.933Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13020", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:26:35.933Z", "dateReserved": "2025-11-11T15:12:22.873Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-11-11T15:47:17.203Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "D77916A6-B8C6-475D-8D77-D5D3AA1E1F43", "versionEndExcluding": "140.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "445D5AED-0882-46FE-A5F1-B7148B923221", "versionEndExcluding": "145.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5."}], "id": "CVE-2025-13020", "lastModified": "2026-04-13T15:16:43.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-11-11T16:15:39.097", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1995686"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-87/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-88/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2025-90/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2025-91/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "firefox: Use-after-free in the WebRTC: Audio/Video component", "id": "2414085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414085"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-825", "details": ["No description is available for this CVE."], "name": "CVE-2025-13020", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-11-11T15:47:17Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-13020\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-13020\nhttps://www.mozilla.org/security/advisories/mfsa2025-88/#CVE-2025-13020"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-20T21:36:37.418223+00:00", "value": {"mitigation_remediation": ["Upgrade to Mozilla Firefox 145 or newer, or Firefox ES\u2011R 140.5 or newer, and to Mozilla Thunderbird 145 or newer, or Thunderbird ES\u2011R 140.5 or newer, to apply the vendor\u2019s patch.", "If an immediate upgrade is not possible, disable WebRTC in the browser settings or install a trusted privacy extension that rejects WebRTC streams to stop the flaw from being exercised.", "Enable automatic updates or routinely check Mozilla\u2019s security advisories for future patches to keep the system protected."], "summary": {"action": "Patch immediately", "impact": "Use\u2011after\u2011free in the WebRTC Audio/Video component, potentially allowing arbitrary code execution or an application crash"}, "threat_synthesis": {"affected_systems": "This vulnerability affects Mozilla Firefox versions prior to 145, including Firefox ES\u2011R versions before 140.5, and also Mozilla Thunderbird versions before 145 and Thunderbird ES\u2011R before 140.5. Users running any of the affected releases of these browsers are exposed.", "description_and_impact": "The vulnerability is a use\u2011after\u2011free error in the WebRTC audio and video processing component that can corrupt memory after a reference to freed memory is accessed. This flaw falls under CWE\u2011416 and CWE\u2011825 and could enable an attacker to execute arbitrary code, compromise the host or cause a denial of service by crashing the application. The official description does not cite a specific exploitation path, but the high CVSS score reflects the potential for severe impact.", "risk_and_exploitability": "The CVSS score of 8.8 classifies the flaw as high severity, while an EPSS score of less than 1\u202f% indicates that active exploitation attempts are currently uncommon. Because the bug resides in client\u2011side media handling, an attacker would typically need a victim to load a crafted WebRTC stream, such as by visiting a malicious website or opening a malicious attachment. Based on the description, it is inferred that the likely attack vector is to lure a user into processing a malicious WebRTC stream. This scenario is not listed in the CISA KEV catalog, but the combination of high severity and the possibility of remote code execution warrants preemptive mitigation."}}}}, "created": "2025-11-12T12:42:24.643374+00:00", "updated": "2026-04-20T21:45:18.964569+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox", "mozilla$PRODUCT$firefox_esr"]}