CVE-2025-14331
6.5MEDIUMSame-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Published: 12/9/2025Updated: 12/10/2025
Description
Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
AI AnalysisPowered by AI
Affected Products
mozillafirefox
mozillafirefox
mozillafirefox
mozillathunderbird
mozillathunderbird
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=2000218Issue TrackingPermissions Required
- https://www.mozilla.org/security/advisories/mfsa2025-92/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2025-93/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2025-94/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2025-95/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2025-96/Vendor Advisory