Memory Safety Vulnerabilities in Mozilla Firefox and Thunderbird
CVE-2025-11714

8.8HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-11714?

Multiple memory safety bugs have been identified in various versions of Mozilla Firefox and Thunderbird. Affected versions include Firefox ESR 115.28, Firefox ESR 140.3, and their corresponding Thunderbird versions. These bugs have shown signs of memory corruption that could potentially be exploited to execute arbitrary code. Users are encouraged to update to newer software versions to mitigate these vulnerabilities, including Firefox ESR 115.29, Firefox ESR 140.4, and Thunderbird 140.4.

Affected Version(s)

Firefox < 144

Firefox ESR < 115.29

Firefox ESR < 140.4

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2...

https://www.mozilla.org/security/advisories/mfsa2025-81/

https://www.mozilla.org/security/advisories/mfsa2025-82/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Oct 13, 2025

Credit

The Mozilla Fuzzing Team

JSON