VDB
DEBIAN-CVE-2025-14327
DEBIAN-CVE-2025-14327
PUBLISHED
CVSS 7.5 HIGH
Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | firefox-esr | 140.4.0esr-1~deb11u1, *, * |
| Debian:14 | thunderbird | 136.0-1, 140.5.0, 140.5.0 |
| Debian:14 | firefox-esr | 140.5.0esr-1~deb13u1, 140.6.0esr-1, 140.6.0esr-1~deb13u1 |
| Debian:12 | thunderbird | 1:128.10.1esr-1~deb12u1, *, * |
| Debian:13 | firefox-esr | 0, *, * |
| Debian:11 | thunderbird | 115.8.0-1, 1:102.0.1-1, 1:102.0~b4-1 |
| Debian:13 | thunderbird | *, *, * |
| Debian:12 | firefox-esr | 102.12.0esr-1, 102.12.0esr-1~deb10u1, 102.12.0esr-1~deb11u1 |
Timeline
- Dec 9, 2025 CVE Published
- Apr 28, 2026 CVE Updated