Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR...

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146 and Firefox ESR < 140.6.

Basic Information

ID CVE-2025-14333

Source mozilla

Published Dec 9, 2025 at 13:38

Modified Dec 9, 2025 at 15:24

Affected Product

Vendor Mozilla

Product Firefox

Version unspecified

Affected Versions Mozilla Firefox unspecified
Mozilla Firefox ESR unspecified

References

{
    "lastseen": "",
    "description": "Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146 and Firefox ESR < 140.6.",
    "published": "2025-12-09T13:38:09.979Z",
    "modified": "2025-12-09T15:24:59.449Z",
    "type": "cve",
    "title": "Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146",
    "source": "mozilla",
    "references": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1966501%2C1997639\nhttps://www.mozilla.org/security/advisories/mfsa2025-92/\nhttps://www.mozilla.org/security/advisories/mfsa2025-94/",
    "id": "CVE-2025-14333",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Mozilla Firefox unspecified\nMozilla Firefox ESR unspecified",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Firefox",
    "version": "unspecified",
    "vendor": "Mozilla",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146_CVE-2025-14333

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply