cbcvebase.
CVE-2025-14323
published 2025-12-09

CVE-2025-14323: Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146…

high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Affected

17 ranges
VendorProductVersion rangeFixed in
debianfirefox< firefox 146.0-1 (sid)firefox 146.0-1 (sid)
debianfirefox-esr< firefox 146.0-1 (sid)firefox 146.0-1 (sid)
debianthunderbird< firefox 146.0-1 (sid)firefox 146.0-1 (sid)
mozillafirefox< 115.31.0115.31.0
mozillafirefox< 146.0146.0
mozillafirefox
mozillafirefox>= 116.0 < 140.6.0140.6.0
mozillathunderbird< 140.6.0140.6.0
mozillathunderbird< 146.0146.0
mozillathunderbird>= 0 < 1:140.6.0esr-1~deb11u11:140.6.0esr-1~deb11u1
mozillathunderbird>= 0 < 1:140.6.0esr-1~deb12u11:140.6.0esr-1~deb12u1
mozillathunderbird>= 0 < 1:140.6.0esr-1~deb13u11:140.6.0esr-1~deb13u1
mozillathunderbird>= 0 < 1:140.6.0esr-11:140.6.0esr-1
msrcazl3_samba_4.18.3-1_on_azure_linux_3.0
msrcazure_linux_3.0_arm
msrcazure_linux_3.0_x64
msrccbl2_samba_4.12.5-6_on_cbl_mariner_2.0

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH