Monday, April 14, 2025

Mozilla Releases Urgent Patch for Windows After Chrome Zero-Day Exploit


Mozilla has released an urgent update for Firefox on Windows to address a critical vulnerability.

This move comes after a similar exploit was identified in Google Chrome, highlighting the need for swift action to protect users.

The update ships as Firefox 136.0.4 and Firefox Extended Support Release (ESR) versions 128.8.1 and 115.21.1.


The fix addresses a sandbox escape vulnerability in which a compromised child process could manipulate the parent process into returning an overly powerful handle.

CVE-2025-2857: The Critical Vulnerability

CVE-2025-2857 is a critical issue identified by Firefox developers after analyzing a similar pattern in their Inter-Process Communication (IPC) code.

This vulnerability, although related to a known Chrome exploit (CVE-2025-2783), is unique to Firefox.

The situation is compounded by evidence that this vulnerability was being exploited in the wild, emphasizing the urgency of the patch.

Impact Details:

  • Affected Products: Firefox and Firefox ESR
  • Affected Platforms: Windows
  • Other Operating Systems: Unaffected
  • Reporter: Andrew McCreight

The Chrome Zero-Day Exploit

The recent Chrome exploit, referred to as CVE-2025-2783, has highlighted vulnerabilities in sandboxing technologies used by major browsers.

A sandbox escape allows malicious actors to bypass security restrictions designed to isolate processes and potentially execute harmful code outside the intended boundaries.

Mozilla’s proactive stance in identifying and resolving the issue quickly underscores its commitment to user security.

By closely monitoring the evolving threat landscape and collaborating with security researchers, Mozilla has managed to address the vulnerability before it could cause significant damage.

Firefox users on Windows are advised to update their browsers to the latest version as soon as possible. Users can check for updates within Firefox by navigating to the “Help” menu and selecting “About Firefox.”

The update will install automatically if an internet connection is available.
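For teams that manage many machines, the version check can be run over a software inventory instead of opening "About Firefox" on each host. The following Python is an added example, not code from Mozilla or the original article; it assumes the builds named in this article are the first fixed build on each branch, that ESR installs are recorded with an `esr` suffix, and it uses constructed sample inventory rows.

```python
import re

# Builds named in the article, assumed to be the first fixed build per branch.
FIXED_RELEASE = (136, 0, 4)
FIXED_ESR = {128: (128, 8, 1), 115: (115, 21, 1)}

def parse_version(text):
    """Return ((major, minor, patch), is_esr); raise ValueError if unparseable."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    major, minor, patch, esr = m.groups()
    return (int(major), int(minor), int(patch or 0)), esr is not None

def assess(os_name, version):
    """Classify one install as patched, update-required, not-affected or unknown."""
    if os_name.strip().lower() != "windows":
        return "not-affected"          # article: other operating systems are unaffected
    try:
        ver, is_esr = parse_version(version)
    except ValueError:
        return "unknown"               # beta/nightly strings need manual review
    if not is_esr:
        return "patched" if ver >= FIXED_RELEASE else "update-required"
    floor = FIXED_ESR.get(ver[0])
    if floor is None:
        # Assumption: ESR branches newer than those named carry the fix,
        # older branches never received it.
        return "patched" if ver[0] > max(FIXED_ESR) else "update-required"
    return "patched" if ver >= floor else "update-required"

# Constructed sample inventory: (host, operating system, Firefox version).
SAMPLE_INVENTORY = [
    ("ws-01", "Windows", "136.0.3"),
    ("ws-02", "Windows", "136.0.4"),
    ("ws-03", "Windows", "128.8.0esr"),
    ("ws-04", "Windows", "115.21.1esr"),
    ("ws-05", "Windows", "102.15.1esr"),
    ("lx-01", "Linux", "136.0.3"),
    ("ws-06", "Windows", "137.0b4"),
]

def triage(inventory):
    """Map each host to its assessment."""
    return {host: assess(os_name, version) for host, os_name, version in inventory}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` carry a version string the parser does not recognise and should be checked by hand.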

The swift release of updates by Mozilla reflects the ever-changing nature of cybersecurity threats and the importance of staying vigilant.

As technology evolves, so too do the tactics of those seeking to exploit vulnerabilities. Users should remain alert and follow best practices for keeping their software up to date to ensure their online safety.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
