CVE-2025-14331
Discovered by AISLEPUBLISHED
Description
Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
CVSS Base Scores
CVSS v3.1(Primary)
6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Version | Status |
|---|---|---|---|
| Mozilla | Firefox | 115.31 | unaffected |
| Mozilla | Firefox | 140.6 | — |
| Mozilla | Firefox | 146 | — |
| Mozilla | Thunderbird | 115.31 | unaffected |
| Mozilla | Thunderbird | 140.6 | — |
| Mozilla | Thunderbird | 146 | — |
Credits
- Igor Morgenstern
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=2000218
- https://www.mozilla.org/security/advisories/mfsa2025-92/
- https://www.mozilla.org/security/advisories/mfsa2025-93/
- https://www.mozilla.org/security/advisories/mfsa2025-94/
- https://www.mozilla.org/security/advisories/mfsa2025-95/
- https://www.mozilla.org/security/advisories/mfsa2025-96/