CVE-2025-14860: Vulnerability in Mozilla Firefox
Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1.
AI Analysis
Technical Summary
This vulnerability (CVE-2025-14860) involves a use-after-free condition in the Disability Access APIs component of Mozilla Firefox. Use-after-free bugs occur when a program continues to use a pointer after the memory it points to has been freed, potentially leading to memory corruption and arbitrary code execution. Mozilla addressed this issue in Firefox 146.0.1 as part of a set of memory safety fixes. The vulnerability has a CVSS v3.1 base score of 9.8, reflecting its critical impact with network attack vector, no required privileges or user interaction, and high confidentiality, integrity, and availability impacts.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system with no privileges or user interaction required. This could lead to full compromise of the Firefox process and potentially the underlying system. However, no known exploits have been reported in the wild as of the advisory date.
Mitigation Recommendations
Mozilla has released Firefox 146.0.1 which includes a fix for this vulnerability. Users and administrators should update to Firefox 146.0.1 or later to remediate this issue. Since this is a client-side application vulnerability, applying the official update is the recommended and effective mitigation.
CVE-2025-14860: Vulnerability in Mozilla Firefox
Description
Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2025-14860) involves a use-after-free condition in the Disability Access APIs component of Mozilla Firefox. Use-after-free bugs occur when a program continues to use a pointer after the memory it points to has been freed, potentially leading to memory corruption and arbitrary code execution. Mozilla addressed this issue in Firefox 146.0.1 as part of a set of memory safety fixes. The vulnerability has a CVSS v3.1 base score of 9.8, reflecting its critical impact with network attack vector, no required privileges or user interaction, and high confidentiality, integrity, and availability impacts.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system with no privileges or user interaction required. This could lead to full compromise of the Firefox process and potentially the underlying system. However, no known exploits have been reported in the wild as of the advisory date.
Mitigation Recommendations
Mozilla has released Firefox 146.0.1 which includes a fix for this vulnerability. Users and administrators should update to Firefox 146.0.1 or later to remediate this issue. Since this is a client-side application vulnerability, applying the official update is the recommended and effective mitigation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-12-18T00:22:09.553Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69440f154eb3efac368cd702
Added to database: 12/18/2025, 2:26:29 PM
Last enriched: 4/14/2026, 11:40:49 AM
Last updated: 5/8/2026, 11:12:24 AM
Views: 143
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.