DEBIAN-CVE-2025-14328

DEBIAN-CVE-2025-14328 PUBLISHED CVSS 8.800000190734863 HIGH

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:14	firefox-esr	140.3.0esr-1~deb12u1, 140.3.0esr-1~deb11u2, 140.3.0esr-1
Debian:13	thunderbird	1:140.5.0esr-1~deb13u1, 0, 1:128.13.0esr-1
Debian:13	firefox-esr	140.3.0esr-1~deb11u1, 128.14.0esr-1~deb12u1, 128.14.0esr-1~deb11u1
Debian:14	thunderbird	140.3.1, 140.4.0, 140.4.0
Debian:11	thunderbird	, , *
Debian:12	thunderbird	115.6.0-1, 1:102.11.0-1, 1:102.12.0-1
Debian:12	firefox-esr	102.11.0esr-1, 102.12.0esr-1, 102.12.0esr-1~deb10u1
Debian:11	firefox-esr	128.3.0, 128.3.0, 128.3.0

Timeline

Dec 9, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-14328 advisory

Open in Interactive Console →