Back to overview

CVE-2025-14326

CRITICAL
9.8
CVSS 3.1
Description
Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146.

Metadata

CVE ID
CVE-2025-14326
State
PUBLISHED
Assigner
mozilla
Reserved
2025-12-09 13:37 UTC
Published
2025-12-09 13:38 UTC
Last updated
2026-04-13 14:28 UTC
Primary CWE
CWE-416
CWE-416 Use After Free
Vendor / Product
Mozilla / Firefox
Sources
cve.org  ·  NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
total
Affected products (2)
VendorProductPlatformVersions
Mozilla Firefox 146 ≤ *
Mozilla Thunderbird 146 ≤ *
Weakness (CWE)
CWESourceDescription
CWE-416 adp CWE-416 Use After Free
CVSS scores (1)
ScoreSeverityVersionSourceVector
9.8 CRITICAL 3.1 adp CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References (3)
Back to overview