CVE-2025-14329
published 2025-12-09CVE-2025-14329: Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 146.0-1 (sid) | firefox 146.0-1 (sid) |
| debian | firefox-esr | < firefox 146.0-1 (sid) | firefox 146.0-1 (sid) |
| debian | thunderbird | < firefox 146.0-1 (sid) | firefox 146.0-1 (sid) |
| mozilla | firefox | < 140.6.0 | 140.6.0 |
| mozilla | firefox | < 146.0 | 146.0 |
| mozilla | firefox | — | — |
| mozilla | thunderbird | < 140.6.0 | 140.6.0 |
| mozilla | thunderbird | < 146.0 | 146.0 |
| mozilla | thunderbird | >= 0 < 1:140.6.0esr-1~deb11u1 | 1:140.6.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:140.6.0esr-1~deb12u1 | 1:140.6.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:140.6.0esr-1~deb13u1 | 1:140.6.0esr-1~deb13u1 |
| mozilla | thunderbird | >= 0 < 1:140.6.0esr-1 | 1:140.6.0esr-1 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH