Mozilla Foundation Security Advisory 2025-93

Security Vulnerabilities fixed in Firefox ESR 115.31

Announced

December 9, 2025

Impact

high

Products

Firefox ESR

Fixed in

Firefox ESR 115.31

#CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component

Reporter: Oskar L
Impact: high

References

Bug 1996473

#CVE-2025-14323: Privilege escalation in the DOM: Notifications component

Reporter: tiebuchen
Impact: high

References

Bug 1996555

#CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component

Reporter: Lingming Zhang
Impact: high

References

Bug 1996840

#CVE-2025-14331: Same-origin policy bypass in the Request Handling component

Reporter: Igor Morgenstern
Impact: moderate

References

Bug 2000218

Mozilla VPN

Mozilla Monitor

Firefox Relay

MDN Plus

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising

Mozilla Builders

Mozilla New Products

Mozilla Foundation Security Advisory 2025-93

Security Vulnerabilities fixed in Firefox ESR 115.31

#CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component

References

#CVE-2025-14323: Privilege escalation in the DOM: Notifications component

References

#CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component

References

#CVE-2025-14331: Same-origin policy bypass in the Request Handling component

References