CVE-2025-14328

8.8 HIGH

📋 TL;DR

This CVE describes a privilege escalation vulnerability in the Netmonitor component of Mozilla products. It allows attackers to gain elevated privileges on affected systems. The vulnerability affects Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR users running outdated versions.

💻 Affected Systems

Products:
  • Firefox
  • Firefox ESR
  • Thunderbird
  • Thunderbird ESR
Versions: Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, Thunderbird ESR < 140.6
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could gain full system control, execute arbitrary code with elevated privileges, and compromise the entire system.

🟠 Likely Case

Attackers could bypass security restrictions, access sensitive data, or perform unauthorized actions within the browser context.

🟢 If Mitigated

With proper patching and security controls, the risk is limited to unpatched systems; patched systems are not vulnerable.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires some user interaction or initial access; no public exploit code is available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 146+, Firefox ESR 140.6+, Thunderbird 146+, Thunderbird ESR 140.6+

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-92/

Restart Required: Yes

Instructions:

1. Open the affected application (Firefox/Thunderbird).
2. Go to Help > About Firefox/Thunderbird.
3. Allow the application to check for and install updates.
4. Restart the application when prompted.

🔧 Temporary Workarounds

Disable Netmonitor Component

Applies to: all

Temporarily disable the Netmonitor component to reduce attack surface.

In about:config, set 'devtools.netmonitor.enabled' to false.

🧯 If You Can't Patch

  • Restrict user privileges to limit potential damage from exploitation.
  • Implement application whitelisting to prevent unauthorized execution.

🔍 How to Verify

Check if Vulnerable:

Check the application version in Help > About Firefox/Thunderbird and compare with affected versions.

Check Version:

firefox --version or thunderbird --version

Verify Fix Applied:

Verify the application version is at or above the patched versions: Firefox 146+, Firefox ESR 140.6+, Thunderbird 146+, Thunderbird ESR 140.6+.
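The version check described above, as an added example that is not part of this advisory: a Python script that parses a firefox/thunderbird --version banner (assumed to look like 'Mozilla Firefox 140.5.0esr', with an 'esr' suffix on ESR builds) and compares it against the fixed versions listed here. The sample banners are constructed.

```python
import re
import subprocess

# Fixed versions from this advisory: mainline 146, ESR branch 140.6.
# Anything below these is treated as vulnerable (Firefox and Thunderbird alike).
MAINLINE_FIXED = (146, 0)
ESR_FIXED = (140, 6)


def parse_banner(banner: str) -> tuple[tuple[int, int], bool]:
    """Parse a '--version' banner such as 'Mozilla Firefox 140.5.0esr'
    into ((major, minor), is_esr)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.\d+)*(esr)?", banner)
    if not m:
        raise ValueError(f"unrecognised version banner: {banner!r}")
    return (int(m.group(1)), int(m.group(2))), m.group(3) is not None


def is_vulnerable(banner: str) -> bool:
    """True if the banner's version is below the patched threshold for its release line."""
    version, esr = parse_banner(banner)
    # ESR builds are fixed from 140.6; mainline builds from 146.
    # A 140.x build without the 'esr' suffix is compared against 146 and is
    # therefore flagged, which errs on the side of reporting it.
    fixed = ESR_FIXED if esr else MAINLINE_FIXED
    return version < fixed


def check_installed(binary: str = "firefox") -> bool:
    """Run '<binary> --version' on this host and report whether the build is vulnerable."""
    out = subprocess.run([binary, "--version"], capture_output=True, text=True, check=True).stdout
    return is_vulnerable(out)


if __name__ == "__main__":
    # Constructed sample banners covering both release lines and both sides of the fix.
    for sample in ("Mozilla Firefox 140.5.0esr", "Mozilla Firefox 140.6.0esr",
                   "Mozilla Firefox 145.0.1", "Mozilla Firefox 146.0",
                   "Thunderbird 140.6.0esr", "Thunderbird 139.0"):
        print(f"{sample}: {'VULNERABLE' if is_vulnerable(sample) else 'patched'}")
```

Run check_installed("thunderbird") to test the locally installed Thunderbird instead of the constructed samples.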

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from browser processes
  • Privilege escalation attempts in system logs

Network Indicators:

  • Suspicious network activity from browser to unexpected destinations

SIEM Query:

Process creation where parent process contains 'firefox' or 'thunderbird' and child process has elevated privileges
