{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14329", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-12-09T13:38:04.223Z", "datePublished": "2025-12-09T13:38:04.796Z", "dateUpdated": "2026-04-13T14:25:39.463Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "140.6", "lessThanOrEqual": "140.*", "versionType": "rpm"}, {"status": "unaffected", "version": "146", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "140.6", "lessThanOrEqual": "140.*", "versionType": "rpm"}, {"status": "unaffected", "version": "146", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6."}]}], "title": "Privilege escalation in the Netmonitor component", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1997018"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-92/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-94/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-96/"}], "credits": [{"lang": "en", "value": "satrya wira yudha"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:25:39.463Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-14329", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-10T04:57:15.843111Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T16:57:07.126Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-14329", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-10T04:57:15.843111Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-09T15:21:33.872Z"}}], "cna": {"title": "Privilege escalation in the Netmonitor component", "credits": [{"lang": "en", "value": "satrya wira yudha"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "140.6", "versionType": "rpm", "lessThanOrEqual": "140.*"}, {"status": "unaffected", "version": "146", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "140.6", "versionType": "rpm", "lessThanOrEqual": "140.*"}, {"status": "unaffected", "version": "146", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1997018"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-92/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-94/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-96/"}], "descriptions": [{"lang": "en", "value": "Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.", "supportingMedia": [{"type": "text/html", "value": "Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:25:39.463Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14329", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:25:39.463Z", "dateReserved": "2025-12-09T13:38:04.223Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-12-09T13:38:04.796Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "A580DBD9-518B-4261-9FA8-DDFB1C5175E1", "versionEndExcluding": "140.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "3EF4CBBC-DCB5-4540-8B8A-91DA759ED631", "versionEndExcluding": "146.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "matchCriteriaId": "F04F8674-52CC-4217-B94A-8C5E80C5B996", "versionEndExcluding": "140.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "matchCriteriaId": "1CB46BC7-512D-45BF-BCF4-73FDDF94DBAF", "versionEndExcluding": "146.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6."}], "id": "CVE-2025-14329", "lastModified": "2026-04-13T15:16:46.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-12-09T16:17:40.503", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1997018"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-94/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-96/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "firefox: Privilege escalation in the Netmonitor component", "id": "2420509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420509"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-14329", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-09T13:38:04Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-14329\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-14329\nhttps://www.mozilla.org/security/advisories/mfsa2025-94/#CVE-2025-14329"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-20T17:36:19.107097+00:00", "value": {"mitigation_remediation": ["Upgrade Mozilla Firefox to at least version 146 or, for ESR, to 140.6 or newer.", "Upgrade Mozilla Thunderbird to at least version 146 or, for ESR, to 140.6 or newer.", "If an immediate update is not feasible, disable the Netmonitor component or restrict its usage to prevent exploitation."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox versions earlier than 146, and Firefox ESR versions earlier than 140.6, as well as Mozilla Thunderbird versions earlier than 146 and Thunderbird ESR versions earlier than 140.6, are affected. The Netmonitor component in these browsers is vulnerable.", "description_and_impact": "The Netmonitor component contains a flaw that allows local users to elevate their privileges. The vulnerability enables them to execute actions or access resources beyond their intended authorization, which could compromise system integrity.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity. The EPSS score of < 1% suggests that exploitation attempts are currently rare. The vulnerability is not listed in CISA KEV, meaning no confirmed widespread exploitation has been documented. Likely exploitation requires local access to the system and the presence of the Netmonitor component. Once triggered, the attacker can gain higher privileges and potentially compromise the entire system."}}}}, "created": "2025-12-10T17:51:35.448970+00:00", "updated": "2026-04-20T17:45:12.951871+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox", "mozilla$PRODUCT$firefox_esr"], "weaknesses": ["CWE-269", "CWE-284"]}