CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-14861 – Memory safety bugs fixed in Firefox 146.0.1
https://notcve.org/view.php?id=CVE-2025-14861
18 Dec 2025 — Memory safety bugs present in Firefox 146. ... This vulnerability affects Firefox < 146.0.1. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1996570%2C1999700 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-14860 – Use-after-free in the Disability Access APIs component
https://notcve.org/view.php?id=CVE-2025-14860
18 Dec 2025 — This vulnerability affects Firefox < 146.0.1. • https://bugzilla.mozilla.org/show_bug.cgi?id=2000597 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-14330 – JIT miscompilation in the JavaScript Engine: JIT component
https://notcve.org/view.php?id=CVE-2025-14330
09 Dec 2025 — This vulnerability affects Firefox < 146 and Firefox ESR < 140.6. ... This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=1997503 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-686: Function Call With Incorrect Argument Type CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-14329 – Privilege escalation in the Netmonitor component
https://notcve.org/view.php?id=CVE-2025-14329
09 Dec 2025 — This vulnerability affects Firefox < 146 and Firefox ESR < 140.6. ... This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=1997018 •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-14328 – Privilege escalation in the Netmonitor component
https://notcve.org/view.php?id=CVE-2025-14328
09 Dec 2025 — This vulnerability affects Firefox < 146 and Firefox ESR < 140.6. ... This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=1996761 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-14326 – Use-after-free in the Audio/Video: GMP component
https://notcve.org/view.php?id=CVE-2025-14326
09 Dec 2025 — This vulnerability affects Firefox < 146. ... This vulnerability affects Firefox < 146 and Thunderbird < 146. • https://bugzilla.mozilla.org/show_bug.cgi?id=1840666 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2025-14324 – JIT miscompilation in the JavaScript Engine: JIT component
https://notcve.org/view.php?id=CVE-2025-14324
09 Dec 2025 — This vulnerability affects Firefox < 146, Firefox ESR < 115.31, and Firefox ESR < 140.6. ... This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=1996840 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-14323 – Privilege escalation in the DOM: Notifications component
https://notcve.org/view.php?id=CVE-2025-14323
09 Dec 2025 — This vulnerability affects Firefox < 146, Firefox ESR < 115.31, and Firefox ESR < 140.6. ... This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=1996555 •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-14321 – Use-after-free in the WebRTC: Signaling component
https://notcve.org/view.php?id=CVE-2025-14321
09 Dec 2025 — This vulnerability affects Firefox < 146 and Firefox ESR < 140.6. ... This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=1992760 • CWE-416: Use After Free •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-62593 – Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack
https://notcve.org/view.php?id=CVE-2025-62593
26 Nov 2025 — Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. • https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-352: Cross-Site Request Forgery (CSRF) •