CVE-2025-14323
BaseFortify
Publication date: 2025-12-09
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | * |
| mozilla | firefox_esr | * |
| mozilla | thunderbird | to 140.6.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a privilege escalation issue in the DOM Notifications component of Firefox browsers. It affects versions of Firefox prior to 146 and Firefox ESR versions prior to 115.31 and 140.6. Privilege escalation means that an attacker could potentially gain higher-level permissions than intended within the browser environment.
How can this vulnerability impact me?
This vulnerability can allow an attacker to escalate their privileges within the Firefox browser, potentially leading to unauthorized access to sensitive information, modification of data, or disruption of services. The CVSS score indicates a high impact on confidentiality, integrity, and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox to version 146 or later, or Firefox ESR to version 115.31 or later (for ESR 115) or 140.6 or later (for ESR 140). These updates include fixes for the privilege escalation vulnerability in the DOM Notifications component. [3]