CVE-2025-14327

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to spoof download notifications in Firefox and Thunderbird, potentially tricking users into executing malicious files. It affects all users running vulnerable versions of Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR. The spoofing occurs in the Downloads Panel component where attackers can manipulate download prompts.

💻 Affected Systems

Products:
  • Firefox
  • Firefox ESR
  • Thunderbird
  • Thunderbird ESR
Versions: Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, Thunderbird ESR < 140.7
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special settings required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Users download and execute malicious files believing they are legitimate downloads, leading to full system compromise, data theft, or ransomware infection.

🟠 Likely Case

Users are tricked into downloading malicious files that appear legitimate, potentially leading to malware installation or credential theft.

🟢 If Mitigated

With proper user awareness and security controls, users verify downloads through other means, reducing the rate of successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (clicking or downloading) but no authentication. The assigned weakness class, CWE-290, is Authentication Bypass by Spoofing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 146, Thunderbird 146, Firefox ESR 140.7, Thunderbird 140.7

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-92/

Restart Required: Yes

Instructions:

1. Open Firefox/Thunderbird.
2. Click menu → Help → About Firefox/Thunderbird.
3. Allow the automatic update check and installation.
4. Restart the application when prompted.

🔧 Temporary Workarounds

Disable automatic downloads (all platforms): configure the browser to ask where to save files for every download.

In Firefox: about:preferences → General → Downloads → check 'Always ask you where to save files'

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized files
  • Deploy endpoint protection with file reputation checking and behavioral analysis

🔍 How to Verify

Check if Vulnerable:

Check browser version in About dialog (menu → Help → About Firefox/Thunderbird)

Check Version:

firefox --version
thunderbird --version

Verify Fix Applied:

Verify that the installed version is at least Firefox 146, Thunderbird 146, Firefox ESR 140.7, or Thunderbird ESR 140.7. Note that the fixed version depends on the branch: a release build is fixed at 146, an ESR build (version string ending in "esr") at 140.7.
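The version check above, as an added POSIX shell example that is not part of the advisory: it parses the banner printed by firefox --version / thunderbird --version and decides whether the build is below the fixed release, taking the release/ESR split into account (146 for release builds, 140.7 for the 140 ESR branch). The function names and the exit-code convention (0 = vulnerable, 1 = patched, 2 = unparsable) are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the advisory): classify Firefox/Thunderbird
# version banners against the CVE-2025-14327 fixed releases.
# Fixed versions taken from the advisory: 146 (release), 140.7 (ESR).

# Extract the bare version from a banner such as
# "Mozilla Firefox 145.0.1" or "Mozilla Thunderbird 140.6.0esr".
version_from_banner() {
    v=${1##* }      # keep the last whitespace-separated token
    v=${v%esr}      # drop an ESR suffix if present
    printf '%s\n' "$v"
}

# Exit status: 0 = vulnerable, 1 = patched, 2 = could not parse.
is_vulnerable() {
    v=$(version_from_banner "$1")
    major=${v%%.*}
    rest=${v#*.}
    if [ "$rest" = "$v" ]; then minor=0; else minor=${rest%%.*}; fi
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) minor=0 ;; esac
    # Release branch: anything at or above 146 carries the fix.
    if [ "$major" -ge 146 ]; then return 1; fi
    # ESR branch (140.x): fixed from 140.7 onward.
    if [ "$major" -eq 140 ] && [ "$minor" -ge 7 ]; then return 1; fi
    # Everything else (older ESR such as 128.x, or 141-145) is vulnerable.
    return 0
}

# Run the binary if it is installed and report the result.
check_binary() {
    bin=$1
    if ! command -v "$bin" >/dev/null 2>&1; then
        printf '%s: not installed\n' "$bin"
        return 3
    fi
    banner=$("$bin" --version 2>/dev/null)
    is_vulnerable "$banner" && rc=0 || rc=$?
    case $rc in
        0) printf '%s: VULNERABLE (%s) - update to 146 / ESR 140.7\n' "$bin" "$banner" ;;
        1) printf '%s: patched (%s)\n' "$bin" "$banner" ;;
        *) printf '%s: could not parse version from "%s"\n' "$bin" "$banner" ;;
    esac
    return $rc
}

# Stand-alone run: check both products on this host.
for b in firefox thunderbird; do
    check_binary "$b" || :
done
```

The parsing relies only on shell parameter expansion, so it works on busybox and dash as well as bash; feed it the banner from an inventory tool instead of the live binary if you are checking a fleet.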

📡 Detection & Monitoring

Log Indicators:

  • Unexpected download prompts from untrusted sources
  • Multiple download attempts from same source with different filenames

Network Indicators:

  • Unusual download patterns from web servers
  • HTTP requests triggering multiple download prompts

SIEM Query:

(source="firefox.log" OR source="thunderbird.log") AND event="download" AND suspicious_filename=*
