CVE-2025-14321
Published Dec 9, 2025
Last updated 2 months ago
AI description
CVE-2025-14321 is a use-after-free (UAF) vulnerability in the WebRTC: Signaling component of Mozilla Firefox and Thunderbird. The AISLE Research Team discovered the UAF in Firefox's WebRTC Encoded Transforms mechanism, where it occurs via an "undetached ArrayBuffer". It affects Firefox versions earlier than 146, Firefox ESR versions prior to 140.6, and Thunderbird versions before 146 and 140.6. The UAF could be exploited to facilitate remote code execution by providing primitives for heap corruption (write) and information leakage (read).
- Description: Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
- Source: security@mozilla.org
- NVD status: Modified
- Products: firefox, thunderbird
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 8
Firefox / WebRTC Encoded Transforms: UAF via undetached ArrayBuffer / CVE-2025-14321: https://t.co/PsyNVm0z8H #vulnerability #cybersecurity #informationsecurity #firefox #exploitation
@blackstormsecbr
2 Feb 2026
⚠️ Vulnerabilities in Mozilla products ❗ CVE-2025-14324 ❗ CVE-2025-14322 ❗ CVE-2025-14321 ➡️ More info: https://t.co/we7ObPuSWg https://t.co/1b22OSkjur
@CERTpy
7 Jan 2026
CVE-2025-14321 Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146 and Firefox ESR < 140.6. https://t.co/ups0nMgNf9
@CVEnew
15 Dec 2025
CRITICAL: Mozilla #Thunderbird memory corruption flaw patched (CVE-2025-14321). Exploitation via email could lead to system takeover. #SUSE advisory SU-2025:4397-1 released. Read more: 👉 https://t.co/YQGe8bxNCQ #Security https://t.co/QaNXsztlUd
@Cezar_H_Linux
15 Dec 2025
Breaking security news: The #Debian Project has issued Security Advisory DSA-6081-1 addressing critical Thunderbird vulnerability CVE-2025-14321 Read more: 👉 https://t.co/FgkMxb0LmH #Security https://t.co/ffOIIBvy71
@Cezar_H_Linux
14 Dec 2025
🔴 #Firefox/Thunderbird, Use-after-free, #CVE-2025-14321 (Critical) https://t.co/EQ1ykOrOGB
@dailycve
11 Dec 2025
URGENT: #Debian 11 #Security update for Firefox ESR (DLA-4401-1) patches critical flaws like CVE-2025-14321. Risks: arbitrary code execution & sandbox escape. Read more: 👉 https://t.co/N4O4yFJp0d https://t.co/MW7MC4iJS2
@Cezar_H_Linux
11 Dec 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A580DBD9-518B-4261-9FA8-DDFB1C5175E1",
            "versionEndExcluding": "140.6.0"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EF4CBBC-DCB5-4540-8B8A-91DA759ED631",
            "versionEndExcluding": "146.0"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F04F8674-52CC-4217-B94A-8C5E80C5B996",
            "versionEndExcluding": "140.6.0"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CB46BC7-512D-45BF-BCF4-73FDDF94DBAF",
            "versionEndExcluding": "146.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]