Use-After-Free Vulnerability in Firefox WebRTC Signaling Component
CVE-2025-14321

9.8CRITICAL

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-14321?

A use-after-free vulnerability exists in the WebRTC: Signaling component of Firefox. This flaw may allow attackers to exploit memory management issues, leading to potential arbitrary code execution. The vulnerability affects versions of Firefox prior to 146 and Firefox Extended Support Release (ESR) prior to 140.6. Users are encouraged to update their browsers to mitigate any potential risks associated with this issue.

Affected Version(s)

Firefox < 146

Firefox ESR < 140.6

Thunderbird < 146

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1992760

https://www.mozilla.org/security/advisories/mfsa2025-92/

https://www.mozilla.org/security/advisories/mfsa2025-94/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Dec 9, 2025

Credit

Igor Morgenstern

JSON

Mozilla

What is CVE-2025-14321?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit