Medium severity6.5NVD Advisory· Published Dec 9, 2025· Updated Apr 13, 2026
CVE-2025-14331
CVE-2025-14331
Description
Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
Affected products
4cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*range: <115.31.0
- cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*range: <146.0
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*+ 1 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*range: <140.6.0
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*range: <146.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.mozilla.org/security/advisories/mfsa2025-92/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2025-93/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2025-94/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2025-95/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2025-96/nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPermissions Required
News mentions
0No linked articles in our index yet.