Privilege Escalation in Firefox and Firefox ESR by Mozilla
CVE-2025-14329

8.8HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-14329?

A vulnerability exists in the Netmonitor component of Firefox and Firefox ESR that allows an attacker to escalate privileges, potentially enabling unauthorized actions within the affected application. This issue affects various versions of Firefox before 146 and Firefox ESR prior to 140.6, requiring users to upgrade to secure their systems against possible exploitation.

Affected Version(s)

Firefox < 146

Firefox ESR < 140.6

Thunderbird < 146

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1997018

https://www.mozilla.org/security/advisories/mfsa2025-92/

https://www.mozilla.org/security/advisories/mfsa2025-94/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Dec 9, 2025

Credit

satrya wira yudha

JSON