JIT Miscompilation in Firefox Affects Mozilla Products
CVE-2025-14324

9.8CRITICAL

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-14324?

A JIT miscompilation vulnerability identified in the JavaScript Engine of Firefox may lead to undefined behavior. This flaw impacts various versions of Firefox, including the standard version prior to 146 and the Extended Support Release versions below 115.31 and 140.6. Users are advised to update their browsers to mitigate potential risks associated with this vulnerability, as it can interfere with the execution of JavaScript, posing security concerns that need to be addressed.

Affected Version(s)

Firefox < 146

Firefox ESR < 115.31

Firefox ESR < 140.6

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1996840

https://www.mozilla.org/security/advisories/mfsa2025-92/

https://www.mozilla.org/security/advisories/mfsa2025-93/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Dec 9, 2025

Credit

Lingming Zhang

JSON