CVE-2025-14333
Description
Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.067
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Mozilla Firefox (Microsoft Store) 140.6 | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox (Microsoft Store) 146 | Windows |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird ESR 140 (140.6.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird ESR 140 (x64) (140.6.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird (146.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird (x64) (146.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox (146.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox (x64) (146.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox (146.0.1) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox (x64) (146.0.1) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (146.0) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (146.0.1) | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-354116 | Mozilla Thunderbird ESR 140 (140.6.0) |
| PATCH-354117 | Mozilla Thunderbird ESR 140 (x64) (140.6.0) |
| PATCH-354114 | Mozilla Thunderbird (146.0) |
| PATCH-354115 | Mozilla Thunderbird (x64) (146.0) |
| PATCH-354443 | Mozilla Firefox (146.0.1) |
| PATCH-354444 | Mozilla Firefox (x64) (146.0.1) |
| PATCH-354443 | Mozilla Firefox (146.0.1) |
| PATCH-354444 | Mozilla Firefox (x64) (146.0.1) |
| PATCH-613630 | Mozilla Firefox For Mac (147.0.4) |
| PATCH-613630 | Mozilla Firefox For Mac (147.0.4) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234