Memory Safety Vulnerabilities in Mozilla Firefox and Thunderbird Products
CVE-2025-14333

8.1HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-14333?

Recent memory safety issues in Mozilla's Firefox and Thunderbird products have been identified, notably in versions 140.5 and 145. These vulnerabilities may lead to memory corruption, posing a potential risk of arbitrary code execution. Users are advised to upgrade to updated versions, specifically Firefox ESR 140.6 and Thunderbird ESR 140.6 or later, to mitigate the risks associated with these vulnerabilities.

Affected Version(s)

Firefox < 146

Firefox ESR < 140.6

Thunderbird < 146

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1966501%2...

https://www.mozilla.org/security/advisories/mfsa2025-92/

https://www.mozilla.org/security/advisories/mfsa2025-94/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Dec 9, 2025

Credit

Maurice Dauer and the Mozilla Fuzzing Team

JSON