CVE-2025-14332

7.3 HIGH

📋 TL;DR

Memory safety bugs in Firefox and Thunderbird could allow attackers to corrupt memory and potentially execute arbitrary code. This affects all users running Firefox versions before 146 or Thunderbird versions before 146.

💻 Affected Systems

Products:
  • Mozilla Firefox
  • Mozilla Thunderbird
Versions: Firefox < 146, Thunderbird < 146
Operating Systems: Windows, Linux, macOS, Android
Default Config Vulnerable: ⚠️ Yes
Notes: All standard installations are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Application crashes (denial of service) or limited memory corruption that could be leveraged for further exploitation.

🟢 If Mitigated: No impact if systems are patched or isolated from untrusted content.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Memory corruption bugs require significant effort to weaponize, but Firefox's widespread use makes this a valuable target.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 146, Thunderbird 146

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-92/

Restart Required: Yes

Instructions:

1. Open Firefox/Thunderbird.
2. Click menu → Help → About Firefox/Thunderbird.
3. Allow automatic update download and installation.
4. Restart the application when prompted.

🔧 Temporary Workarounds

Disable JavaScript (platform: all)

Reduces attack surface by disabling JavaScript execution, which is commonly used in memory corruption exploits. Expect most websites to stop working; this is a stopgap until the update is applied, not a replacement for it.

about:config → javascript.enabled → false

Use Content Security Policy (platform: all)

Implement CSP headers to restrict script execution from untrusted sources. CSP is sent by the web server, so this only reduces exposure on sites you administer; it does not protect the browser user on sites run by others.

Content-Security-Policy: script-src 'self'

🧯 If You Can't Patch

  • Network segmentation: Isolate vulnerable systems from internet and untrusted networks.
  • Application control: Restrict Firefox/Thunderbird to only essential websites and disable unnecessary plugins.

🔍 How to Verify

Check if Vulnerable:

Check Firefox/Thunderbird version in Help → About. If version is less than 146, system is vulnerable.

Check Version:

Run firefox --version or thunderbird --version (Linux), or open about:support in the application.

Verify Fix Applied:

Confirm version is 146 or higher after update and restart.
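The version check above, as an added example that is not from this page or from Mozilla: a Python script that parses the one-line output of `firefox --version` / `thunderbird --version` and applies the page's rule (major version below 146 is vulnerable). The binary names, the sample version strings and the handling of ESR builds (flagged for manual review because this page gives no separate ESR fixed version) are assumptions; on macOS the binaries live inside the .app bundle and are not on PATH, so the runtime check returns 'unknown' there.

```python
import re
import shutil
import subprocess
from typing import Optional

# Fixed release per the advisory text above: Firefox 146 / Thunderbird 146.
FIXED_MAJOR = 146

# Matches the one-line output of `firefox --version` / `thunderbird --version`,
# e.g. "Mozilla Firefox 145.0.1" or "Mozilla Thunderbird 128.5.0esr" (constructed samples).
_VERSION_RE = re.compile(
    r"^(?:Mozilla\s+)?(?P<product>Firefox|Thunderbird)\s+"
    r"(?P<major>\d+)(?:\.(?P<minor>\d+))?(?:\.(?P<patch>\d+))?(?P<suffix>[a-z]+\d*)?\s*$",
    re.IGNORECASE,
)


def parse_version_line(line: str) -> Optional[dict]:
    """Parse '<Product> <major>.<minor>.<patch><suffix>' into a dict, or None if unrecognised."""
    m = _VERSION_RE.match(line.strip())
    if not m:
        return None
    return {
        "product": m.group("product").capitalize(),
        "major": int(m.group("major")),
        "minor": int(m.group("minor") or 0),
        "patch": int(m.group("patch") or 0),
        "suffix": (m.group("suffix") or "").lower(),
    }


def assess(line: str) -> str:
    """Classify a version line against the page's rule (major < 146 is vulnerable).

    Returns one of: 'vulnerable', 'fixed', 'review-esr', 'unknown'.
    Assumption: ESR builds are versioned on their own branch and this page states no
    ESR fixed version, so they are flagged for a manual check against the vendor
    advisory rather than judged by the 146 threshold.
    """
    v = parse_version_line(line)
    if v is None:
        return "unknown"
    if v["suffix"] == "esr" and v["major"] < FIXED_MAJOR:
        return "review-esr"
    return "vulnerable" if v["major"] < FIXED_MAJOR else "fixed"


def assess_installed(binary: str) -> str:
    """Run `<binary> --version` for a binary on PATH (Linux) and assess the first output line."""
    path = shutil.which(binary)
    if path is None:
        return "unknown"  # not on PATH (typical on macOS, where the app bundle holds the binary)
    try:
        proc = subprocess.run([path, "--version"], capture_output=True, text=True, timeout=30)
    except (OSError, subprocess.SubprocessError):
        return "unknown"
    first = proc.stdout.splitlines()[0] if proc.stdout else ""
    return assess(first)


if __name__ == "__main__":
    for name in ("firefox", "thunderbird"):
        print(f"{name}: {assess_installed(name)}")
```

Run it on the host after the update and restart; anything other than 'fixed' for an installed product means the verification step above has not been completed.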

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violation errors
  • Unexpected child process spawning from Firefox/Thunderbird

Network Indicators:

  • Unusual outbound connections from browser processes
  • Traffic to known exploit hosting domains

SIEM Query:

(process_name:firefox.exe OR process_name:thunderbird.exe) AND (event_id:1000 OR event_id:1001)

Event IDs 1000 (Application Error) and 1001 (Windows Error Reporting) are from the Windows Application log; the grouping above is equivalent to the usual AND-before-OR reading of the query and makes the intent explicit.
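As an added example (not from this page or from Mozilla), the SIEM query and the two log indicators above turned into runnable detection logic in Python over constructed log lines. The key=value line format, the Sysmon-style process-creation events (event_id 1 with parent_image/image), the allowlist of child images Firefox launches itself, and the five-minute correlation window are assumptions; the Application-log event IDs 1000/1001 and the 0xC0000005 access-violation status are real Windows values.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

MOZILLA_PROCESSES = {"firefox.exe", "thunderbird.exe"}
CRASH_EVENT_IDS = {1000, 1001}  # Windows Application log: 1000 Application Error, 1001 WER
# Child images the browser/mail client launches itself (constructed allowlist; extend per environment).
EXPECTED_CHILDREN = MOZILLA_PROCESSES | {"plugin-container.exe", "crashreporter.exe", "updater.exe"}
ACCESS_VIOLATION = "0xc0000005"  # NTSTATUS STATUS_ACCESS_VIOLATION, the "memory access violation" indicator
CORRELATION_WINDOW = timedelta(minutes=5)  # assumption: crash then odd child within 5 min is escalated

# Constructed sample lines in a simple "<ISO timestamp> key=value ..." format (not real telemetry).
SAMPLE_LOG = """\
2025-12-10T09:14:02Z host=ws-042 source=Application event_id=1000 process_name=firefox.exe faulting_module=xul.dll exception=0xc0000005
2025-12-10T09:14:03Z host=ws-042 source=Application event_id=1001 process_name=firefox.exe bucket=WER
2025-12-10T09:15:10Z host=ws-042 source=Sysmon event_id=1 parent_image=firefox.exe image=plugin-container.exe
2025-12-10T09:15:12Z host=ws-042 source=Sysmon event_id=1 parent_image=firefox.exe image=powershell.exe
2025-12-10T09:20:00Z host=ws-077 source=Application event_id=1000 process_name=excel.exe exception=0xc0000005
2025-12-10T09:21:00Z host=ws-077 source=Application event_id=4624 process_name=thunderbird.exe
"""

_KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Alert:
    rule: str
    host: str
    when: datetime
    detail: str


def parse_line(line: str) -> Optional[dict]:
    """Split '<timestamp> k=v k=v ...' into a dict; returns None for malformed lines."""
    parts = line.split(maxsplit=1)
    if len(parts) != 2:
        return None
    try:
        when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    ev = dict(_KV_RE.findall(parts[1]))
    ev["_when"] = when
    return ev


def crash_rule(ev: dict) -> Optional[Alert]:
    """The page's SIEM query: a Mozilla process AND event_id 1000 or 1001 in the Application log."""
    if ev.get("source") != "Application":
        return None
    proc = ev.get("process_name", "").lower()
    try:
        eid = int(ev.get("event_id", ""))
    except ValueError:
        return None
    if proc in MOZILLA_PROCESSES and eid in CRASH_EVENT_IDS:
        kind = "access violation" if ev.get("exception", "").lower() == ACCESS_VIOLATION else "crash"
        return Alert("mozilla-crash", ev.get("host", "?"), ev["_when"], f"{proc} {kind} (event {eid})")
    return None


def child_rule(ev: dict) -> Optional[Alert]:
    """Unexpected child process: parent is Firefox/Thunderbird, child image not on the allowlist."""
    if ev.get("source") != "Sysmon" or ev.get("event_id") != "1":
        return None
    parent = ev.get("parent_image", "").lower()
    child = ev.get("image", "").lower()
    if parent in MOZILLA_PROCESSES and child not in EXPECTED_CHILDREN:
        return Alert("mozilla-unexpected-child", ev.get("host", "?"), ev["_when"], f"{parent} spawned {child}")
    return None


def detect(log_text: str) -> List[Alert]:
    """Apply both rules, then escalate a crash followed by an unexpected child on the same host."""
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        for rule in (crash_rule, child_rule):
            hit = rule(ev)
            if hit:
                alerts.append(hit)
    crashes = [a for a in alerts if a.rule == "mozilla-crash"]
    for a in [x for x in alerts if x.rule == "mozilla-unexpected-child"]:
        if any(c.host == a.host and timedelta(0) <= a.when - c.when <= CORRELATION_WINDOW for c in crashes):
            alerts.append(Alert("mozilla-crash-then-child", a.host, a.when, "crash followed by " + a.detail))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"{alert.when.isoformat()} {alert.host} [{alert.rule}] {alert.detail}")
```

The crash rule alone is noisy on its own (browsers crash for many benign reasons), which is why the escalation rule exists: a crash immediately followed by a child process the application does not normally spawn is the pattern worth paging on, while isolated crashes belong in a trend dashboard.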
