PT-2025-49858 · Mozilla+9 · Firefox Esr+10

Igor Morgenstern

·

Published

2025-01-01

·

Updated

2026-02-06

·

CVE-2025-14331

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 146 Firefox ESR versions prior to 115.31 Firefox ESR versions prior to 140.6
Description A same-origin policy bypass exists within the Request Handling component. This allows potential circumvention of security restrictions designed to isolate different origins.
Recommendations Update Firefox to version 146 or later. Update Firefox ESR to version 115.31 or later. Update Firefox ESR to version 140.6 or later.

Fix

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-346

Related Identifiers

ALSA-2025:23034
ALSA-2025:23035
ALSA-2025:23128
ALSA-2025:23856
ALSA-2026:0025
ALSA-2026:0026
BDU:2025-16360
CVE-2025-14331
DLA-4401-1
DLA-4405-1
DSA-6078-1
DSA-6081-1
MGASA-2025-0328
MGASA-2025-0329
OESA-2026-1085
OESA-2026-1086
OESA-2026-1088
OESA-2026-1089
OESA-2026-1090
OESA-2026-1264
OESA-2026-1285
OPENSUSE-SU-2025:15809-1
OPENSUSE-SU-2025:15813-1
OPENSUSE-SU-2025:15814-1
OPENSUSE-SU-2026:20014-1
OPENSUSE-SU-2026:20046-1
RHSA-2026:0003
RHSA-2026:0004
RHSA-2026:0005
RHSA-2026:0006
RHSA-2026:0007
RHSA-2026:0013
RHSA-2026:0014
RHSA-2026:0015
RHSA-2026:0016
RHSA-2026:0017
RHSA-2026:0018
RHSA-2026:0019
RHSA-2026:0020
RHSA-2026:0021
RHSA-2026:0022
RHSA-2026:0023
RHSA-2026:0024
RHSA-2026:0025
RHSA-2026:0026
RHSA-2026:0124
RHSA-2026:0127
SUSE-SU-2025:4396-1
SUSE-SU-2025:4397-1
SUSE-SU-2025:4424-1
SUSE-SU-2026:20031-1
USN-7991-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Ubuntu