CVE-2025-14331

Description

Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

PUBLISHED Reserved 2025-12-09 | Published 2025-12-09 | Updated 2025-12-10 | Assigner mozilla

Product status

Credits

Igor Morgenstern

References

bugzilla.mozilla.org/show_bug.cgi?id=2000218

www.mozilla.org/security/advisories/mfsa2025-92/

www.mozilla.org/security/advisories/mfsa2025-93/

www.mozilla.org/security/advisories/mfsa2025-94/

www.mozilla.org/security/advisories/mfsa2025-95/

www.mozilla.org/security/advisories/mfsa2025-96/

cve.org (CVE-2025-14331)

nvd.nist.gov (CVE-2025-14331)

Download JSON