Memory Safety Vulnerabilities in Mozilla Firefox and Thunderbird
CVE-2025-11714

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-11714?

Multiple memory safety bugs have been identified in various versions of Mozilla Firefox and Thunderbird. Affected versions include Firefox ESR 115.28, Firefox ESR 140.3, and their corresponding Thunderbird versions. These bugs have shown signs of memory corruption that could potentially be exploited to execute arbitrary code. Users are encouraged to update to newer software versions to mitigate these vulnerabilities, including Firefox ESR 115.29, Firefox ESR 140.4, and Thunderbird 140.4.

Affected Version(s)

Firefox < 144

Firefox ESR < 115.29

Firefox ESR < 140.4

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2...

https://www.mozilla.org/security/advisories/mfsa2025-81/

https://www.mozilla.org/security/advisories/mfsa2025-82/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Oct 13, 2025

Credit

The Mozilla Fuzzing Team

JSON