TL;DR
Mozilla has addressed a critical vulnerability, CVE-2025-2857, in Firefox for Windows, similar to a recently patched Chrome zero-day. The Firefox flaw could lead to a sandbox escape, but Mozilla confirms no known exploits in the wild.
Main Content
Mozilla Patches Critical Firefox Vulnerability CVE-2025-2857
Mozilla has released security updates to address a critical flaw, tracked as CVE-2025-2857, impacting Firefox for Windows. This vulnerability is similar to a recent Chrome zero-day exploit, tracked as CVE-2025-2783, which was actively exploited in the wild.
Understanding the Vulnerability
The vulnerability CVE-2025-2857 is an incorrect handle issue that could result in a sandbox escape. According to Mozilla’s advisory:
“Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.”
The original vulnerability was exploited in the wild.
Discovery and Impact
Researcher Andrew McCreight discovered this vulnerability. It affected Firefox and Firefox ESR and was patched in:
- Firefox 136.0.4
- Firefox ESR 115.21.1
- Firefox ESR 128.8.1
Mozilla reports no known attacks exploiting this vulnerability in the wild.
Google’s Recent Patch
Google recently addressed a high-severity vulnerability, CVE-2025-2783, in the Chrome browser for Windows. This flaw, an incorrect handle in Mojo on Windows, was actively exploited in attacks targeting organizations in Russia. Kaspersky researchers Boris Larin and Igor Kuznetsov reported the vulnerability on March 20, 2025.
Mojo is Google’s IPC library for Chromium-based browsers, managing sandboxed processes for secure communication. Although it enhances Chrome’s security, past vulnerabilities have enabled sandbox escapes and privilege escalation.
CISA Alert
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability CVE-2025-2783 to its Known Exploited Vulnerabilities (KEV) catalog.
Follow for More Updates
For the latest cybersecurity news, follow:
- Twitter: @securityaffairs
- Facebook: Security Affairs
- Mastodon: Security Affairs
- LinkedIn: Pierluigi Paganini
- Security Affairs
For more details, visit the full article: source
Conclusion
Mozilla’s prompt action in addressing the critical vulnerability CVE-2025-2857 underscores the importance of proactive cybersecurity measures. Users are advised to update their Firefox browsers immediately to ensure protection against potential threats. Staying informed about such vulnerabilities and patches is crucial for maintaining a secure digital environment.