CVE-2025-14323

8.8 HIGH

📋 TL;DR

This CVE describes a privilege escalation vulnerability in the DOM Notifications component of Mozilla products. It allows attackers to elevate privileges within the browser context, potentially executing arbitrary code with higher permissions. Affected users include those running vulnerable versions of Firefox, Firefox ESR, and Thunderbird.

💻 Affected Systems

Products:
  • Firefox
  • Firefox ESR
  • Thunderbird
Versions: Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, Thunderbird < 140.6
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise via arbitrary code execution with elevated privileges, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case: Limited privilege escalation within the browser sandbox allowing unauthorized access to browser data, session hijacking, or installation of malicious extensions.

🟢 If Mitigated: Minimal impact if browser sandboxing works as intended, with only limited privilege elevation within the browser context.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious website or opening malicious email in Thunderbird).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 146+, Firefox ESR 115.31+, Firefox ESR 140.6+, Thunderbird 146+, Thunderbird 140.6+

Vendor Advisory: https://www.mozilla.org/security/advisories/

Restart Required: Yes

Instructions:

1. Open Firefox or Thunderbird.
2. Click menu → Help → About Firefox/Thunderbird.
3. Allow the automatic update to complete.
4. Restart when prompted.

🔧 Temporary Workarounds

Disable JavaScript (applies to: all)

Temporarily disable JavaScript to prevent exploitation via malicious websites.

about:config → javascript.enabled = false

Disable Notifications (applies to: all)

Disable browser notifications to mitigate the vulnerable component.

about:preferences → Privacy & Security → Permissions → Notifications → Settings → Block new requests

🧯 If You Can't Patch

  • Restrict browser usage to trusted websites only
  • Implement application whitelisting to prevent unauthorized browser execution

🔍 How to Verify

Check if Vulnerable:

Check browser version in About dialog and compare against affected versions

Check Version:

firefox --version or thunderbird --version

Verify Fix Applied:

Verify version is equal to or greater than patched versions listed

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation events in browser logs
  • Multiple notification permission requests from single site

Network Indicators:

  • Traffic to known malicious domains hosting exploit code
  • Unexpected outbound connections after visiting websites

SIEM Query:

source="browser_logs" AND (event="privilege_escalation" OR event="notification_exploit")
