Use-After-Free Vulnerability in Firefox WebRTC Signaling Component
CVE-2025-14321

Currently unrated

Key Information:

Vendor

Mozilla
Status
Firefox
Firefox Esr
Vendor
CVE Published:
9 December 2025

What is CVE-2025-14321?

A use-after-free vulnerability exists in the WebRTC: Signaling component of Firefox. This flaw may allow attackers to exploit memory management issues, leading to potential arbitrary code execution. The vulnerability affects versions of Firefox prior to 146 and Firefox Extended Support Release (ESR) prior to 140.6. Users are encouraged to update their browsers to mitigate any potential risks associated with this issue.

Affected Version(s)

Firefox < 146

Firefox ESR < 140.6

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1992760
https://www.mozilla.org/security/advisories/mfsa2025-92/
https://www.mozilla.org/security/advisories/mfsa2025-94/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Igor Morgenstern
JSON
.
CVE-2025-14321 : Use-After-Free Vulnerability in Firefox WebRTC Signaling Component