Spoofing Vulnerability in Firefox by Mozilla
CVE-2025-14327

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-14327?

A spoofing vulnerability has been identified within the Downloads Panel component of Firefox, affecting all versions prior to 146. This flaw can lead to unauthorized information being displayed to users, potentially compromising their safety and data integrity. Users are advised to update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

Firefox < 146

Thunderbird < 146

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1970743

https://www.mozilla.org/security/advisories/mfsa2025-92/

https://www.mozilla.org/security/advisories/mfsa2025-95/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Dec 9, 2025

Credit

Caro Kann

JSON