cbcvebase.
CVE-2025-14331
published 2025-12-09

CVE-2025-14331: Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird…

medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Affected

13 ranges
VendorProductVersion rangeFixed in
debianfirefox< firefox 146.0-1 (sid)firefox 146.0-1 (sid)
debianfirefox-esr< firefox 146.0-1 (sid)firefox 146.0-1 (sid)
debianthunderbird< firefox 146.0-1 (sid)firefox 146.0-1 (sid)
mozillafirefox< 115.31.0115.31.0
mozillafirefox< 146.0146.0
mozillafirefox
mozillafirefox>= 116.0 < 140.6.0140.6.0
mozillathunderbird< 140.6.0140.6.0
mozillathunderbird< 146.0146.0
mozillathunderbird>= 0 < 1:140.6.0esr-1~deb11u11:140.6.0esr-1~deb11u1
mozillathunderbird>= 0 < 1:140.6.0esr-1~deb12u11:140.6.0esr-1~deb12u1
mozillathunderbird>= 0 < 1:140.6.0esr-1~deb13u11:140.6.0esr-1~deb13u1
mozillathunderbird>= 0 < 1:140.6.0esr-11:140.6.0esr-1

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
osv6.5MEDIUM