CVE-2025-14327
published 2025-12-09CVE-2025-14327: Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7.
high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 146.0-1 (sid) | firefox 146.0-1 (sid) |
| debian | firefox-esr | < firefox 146.0-1 (sid) | firefox 146.0-1 (sid) |
| debian | thunderbird | < firefox 146.0-1 (sid) | firefox 146.0-1 (sid) |
| mozilla | firefox | < 146.0 | 146.0 |
| mozilla | firefox | — | — |
| mozilla | thunderbird | < 146.0 | 146.0 |
| mozilla | thunderbird | >= 0 < 1:140.7.0esr-1~deb11u1 | 1:140.7.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:140.7.0esr-1~deb12u1 | 1:140.7.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:140.7.0esr-1~deb13u1 | 1:140.7.0esr-1~deb13u1 |
| mozilla | thunderbird | >= 0 < 1:140.7.0esr-1 | 1:140.7.0esr-1 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv7.5HIGH