Mozilla has released updates to address a critical security flaw affecting its Firefox browser for Windows, just days after Google patched a similar flaw in Chrome that was being actively exploited as a zero-day.
The vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape.
“After the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers have identified a similar pattern in our IPC code,” Mozilla noted in an advisory.
“A compromised child process can cause the parent process to return an unintended handle, which will lead to a sandbox escape.”
The flaw, which affects Firefox and Firefox ESR, has been addressed in Firefox 136.0.4, Firefox ESR 115.21.1, and Firefox ESR 128.1. There is no evidence that CVE-2025-2857 has been exploited in the wild.
The development comes as Google released Chrome version 134.6998.177/
Kaspersky, which discovered the activity in mid-March 2025, said the infection occurred after unspecified victims clicked a specially crafted link in phishing emails and the attacker-controlled site was opened in Chrome.
CVE-2025-2783 is said to have been chained with another, unknown exploit in the web browser to escape the sandbox and achieve remote code execution. Given this, the fix effectively blocks the entire attack chain.
The Cybersecurity and Infrastructure Security Agency (CISA) has since added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the necessary mitigations by April 17, 2025.
Users are advised to update their browsers to the latest versions to protect against potential risks.