VDB

GCVE-VVD-MAGEIA-2025-329

GCVE-VVD-MAGEIA-2025-329
Advisory Published
Vulnetix · Advisory published December 15, 2025
Use-after-free in the WebRTC: Signaling component. (CVE-2025-14321) Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. (CVE-2025-14322) Privilege escalation in the DOM: Notifications component. (CVE-2025-14323) IT miscompilation in the JavaScript Engine: JIT component. (CVE-2025-14324, CVE-2025-14325, CVE-2025-14330) Privilege escalation in the Netmonitor component. (CVE-2025-14328, CVE-2025-14329) Same-origin policy bypass in the Request Handling component. (CVE-2025-14331) Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. (CVE-2025-14333)
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiathunderbird0 (affected), 140.6.0-1.mga9 (unaffected)
Mageiathunderbird-l10n0 (affected), 140.6.0-1.mga9 (unaffected)

References

Updated thunderbird packages fix security vulnerabilities
advisory
Updated thunderbird packages fix security vulnerabilities
issue
Updated thunderbird packages fix security vulnerabilities
issue
Updated thunderbird packages fix security vulnerabilities
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›