JIT Miscompilation Vulnerability in Firefox by Mozilla
CVE-2025-14330

9.8CRITICAL

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-14330?

A vulnerability has been identified in the JavaScript Engine's Just-In-Time (JIT) compilation component of Firefox, which could lead to improper execution of JavaScript code. This can potentially allow an attacker to exploit the flaw to compromise the integrity and security of affected user systems. Users running versions prior to Firefox 146 and Firefox ESR versions below 140.6 should be particularly cautious, as they are susceptible to this issue.

Affected Version(s)

Firefox < 146

Firefox ESR < 140.6

Thunderbird < 146

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1997503

https://www.mozilla.org/security/advisories/mfsa2025-92/

https://www.mozilla.org/security/advisories/mfsa2025-94/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Dec 9, 2025

Credit

Rong Bao

JSON