CVE-2025-13015: 
NixOS vulnerability analysis and mitigation

CVE-2025-13015 is a spoofing vulnerability affecting Mozilla Firefox and Thunderbird browsers. The vulnerability was discovered by security researcher Eemeli Aro and publicly disclosed on November 11, 2025. It affects Firefox versions below 145, Firefox ESR versions below 140.5 and 115.30, Thunderbird versions below 145, and Thunderbird versions below 140.5 (Mozilla Advisory, NVD).

The vulnerability has been classified as a spoofing issue with a low impact severity rating. According to the CVSS 3.1 scoring system, it received a base score of 3.4 (LOW) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N. The vulnerability is categorized under CWE-290 (Authentication Bypass by Spoofing) (NVD).

The vulnerability has been assessed as having a low impact on affected systems. While specific exploit details are not publicly available, the vulnerability could potentially lead to spoofing attacks against users of affected Firefox and Thunderbird versions (Mozilla Advisory).

Mozilla has released patches for this vulnerability in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5. Users are advised to update to these versions or later to mitigate the vulnerability (Mozilla Advisory, Mozilla Advisory, Mozilla Advisory).