CVE-2025-14321
Published Dec 9, 2025
Last updated 3 months ago
- Description
- Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
- Source
- security@mozilla.org
- NVD status
- Modified
- Products
- firefox, thunderbird
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
๐จ Attention #openSUSE Tumbleweed Users & System Admins! ๐จ A new security update is live, patching vulnerability CVE-2025-14321 in the cockpit-machines package. Read more: ๐ https://t.co/uJaX3VchWF #Security https://t.co/OSbUoEcTBo
@Cezar_H_Linux
6 Feb 2026
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Firefox / WebRTC Encoded Transforms: UAF via undetached ArrayBuffer / CVE-2025-14321: https://t.co/PsyNVm0z8H #vulnerability #cybersecurity #informationsecurity #firefox #exploitation
@blackstormsecbr
2 Feb 2026
3927 Impressions
12 Retweets
57 Likes
30 Bookmarks
0 Replies
0 Quotes
โ ๏ธ Vulnerabilidades en productos Mozilla โ CVE-2025-14324 โ CVE-2025-14322 โ CVE-2025-14321 โก๏ธ Mรกs info: https://t.co/we7ObPuSWg https://t.co/1b22OSkjur
@CERTpy
7 Jan 2026
152 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-14321 Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146 and Firefox ESR < 140.6. https://t.co/ups0nMgNf9
@CVEnew
15 Dec 2025
382 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CRITICAL: Mozilla #Thunderbird memory corruption flaw patched (CVE-2025-14321). Exploitation via email could lead to system takeover. #SUSE advisory SU-2025:4397-1 released. Read more: ๐ https://t.co/YQGe8bxNCQ #Security https://t.co/QaNXsztlUd
@Cezar_H_Linux
15 Dec 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Breaking security news: The #Debian Project has issued Security Advisory DSA-6081-1 addressing critical Thunderbird vulnerability CVE-2025-14321 Read more: ๐ https://t.co/FgkMxb0LmH #Security https://t.co/ffOIIBvy71
@Cezar_H_Linux
14 Dec 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐ด #Firefox/Thunderbird, Use-after-free, #CVE-2025-14321 (Critical) https://t.co/EQ1ykOrOGB
@dailycve
11 Dec 2025
28 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
URGENT: #Debian 11 #Security update for Firefox ESR (DLA-4401-1) patches critical flaws like CVE-2025-14321. Risks: arbitrary code execution & sandbox escape. Read more: ๐ https://t.co/N4O4yFJp0d https://t.co/MW7MC4iJS2
@Cezar_H_Linux
11 Dec 2025
65 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"matchCriteriaId": "A580DBD9-518B-4261-9FA8-DDFB1C5175E1",
"versionEndExcluding": "140.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
"matchCriteriaId": "3EF4CBBC-DCB5-4540-8B8A-91DA759ED631",
"versionEndExcluding": "146.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*",
"matchCriteriaId": "F04F8674-52CC-4217-B94A-8C5E80C5B996",
"versionEndExcluding": "140.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1CB46BC7-512D-45BF-BCF4-73FDDF94DBAF",
"versionEndExcluding": "146.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]