JIT Miscompilation Vulnerability in Firefox by Mozilla
CVE-2025-14330

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-14330?

A vulnerability has been identified in the JavaScript Engine's Just-In-Time (JIT) compilation component of Firefox, which could lead to improper execution of JavaScript code. This can potentially allow an attacker to exploit the flaw to compromise the integrity and security of affected user systems. Users running versions prior to Firefox 146 and Firefox ESR versions below 140.6 should be particularly cautious, as they are susceptible to this issue.

Affected Version(s)

Firefox < 146

Firefox ESR < 140.6

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1997503

https://www.mozilla.org/security/advisories/mfsa2025-92/

https://www.mozilla.org/security/advisories/mfsa2025-94/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Dec 9, 2025

Credit

Rong Bao

JSON