How severe is CVE-2025-14331?

CVE-2025-14331 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2025-14331

Name: thunderbird
Author: mozilla

6.5MEDIUM

Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Publicado: 12/9/2025Actualizado: 12/10/2025

Descripción

Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Análisis IAImpulsado por IA

Productos Afectados

mozillafirefox

mozillathunderbird

Referencias

https://bugzilla.mozilla.org/show_bug.cgi?id=2000218
Issue TrackingPermissions Required
https://www.mozilla.org/security/advisories/mfsa2025-92/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-93/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-94/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-95/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-96/
Vendor Advisory