CVE-2025-14329
Description
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Privilege escalation in Firefox/Thunderbird Netmonitor component allows attackers to gain elevated privileges; fixed in Firefox 146, ESR 140.6, Thunderbird 146/140.6.
CVE-2025-14329 is a privilege escalation vulnerability in the Netmonitor component of Firefox and Thunderbird. The Netmonitor is part of the browser's developer tools, and the flaw allows an attacker to bypass security restrictions and gain elevated privileges within the browser context [1][2].
The vulnerability can be triggered by a malicious webpage or in browser-like contexts. In Thunderbird, scripting is disabled when reading email, so exploitation via email is unlikely, but it remains a risk in browser contexts [1][3]. An attacker would need to convince a user to interact with a crafted page or use the developer tools.
Successful exploitation could allow an attacker to escalate privileges, potentially leading to arbitrary code execution or sandbox escape. The CVSS score is 8.8 (High) [2].
Mozilla has addressed this vulnerability in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. Users are advised to update to these versions [1][2][3][4].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*, range: <146.0
- cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*, range: <140.6.0
- (no CPE), range: <146
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*, range: <146.0
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*, range: <140.6.0
- (no CPE), range: <146
- Range: <140.6
Patches
No patches discovered yet.
References
- www.mozilla.org/security/advisories/mfsa2025-92/ (nvd: Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2025-94/ (nvd: Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2025-95/ (nvd: Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2025-96/ (nvd: Vendor Advisory)
- bugzilla.mozilla.org/show_bug.cgi (nvd: Issue Tracking, Permissions Required)