CyberSecurity news


@The DefendOps Diaries //
Mozilla has issued an urgent security update for its Firefox browser on Windows to address a critical sandbox escape vulnerability, identified as CVE-2025-2857. This flaw allows attackers to bypass the browser's security sandbox, posing significant risks to Windows users. Mozilla is releasing the fix in Firefox 136.0.4 and in Firefox ESR 128.8.1 and 115.21.1.

The vulnerability, reported by Mozilla developer Andrew McCreight, involves an incorrect handle that could lead to sandbox escapes, potentially enabling attackers to execute arbitrary code on affected systems. It follows a similar flaw, CVE-2025-2783, identified in Google Chrome. Windows users are advised to update their browsers to the latest version as soon as possible to mitigate this risk.

References:
  • securityonline.info: Mozilla releases urgent security patch for Windows users as researchers uncover another IPC vulnerability echoing a recently exploited
  • The DefendOps Diaries: Mozilla warns of a critical Firefox vulnerability allowing sandbox escapes, posing significant security risks to Windows users.
  • The Hacker News: Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day.
  • BleepingComputer: Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser's sandbox on Windows systems.
  • CyberInsider: Firefox Says It’s Vulnerable to Chrome’s Zero-Day Used in Espionage Attacks
  • The Register - Security: After Chrome patches zero-day used to target Russians, Firefox splats similar bug
  • Security Affairs: Mozilla fixed critical Firefox vulnerability CVE-2025-2857
  • PCMag UK security: Chrome Zero-Day Flaw Also Affects Firefox
  • gbhackers.com: Mozilla is working to patch the vulnerability, tracked as CVE-2025-2857, with security updates for Firefox 136.0.4 and Firefox ESR versions 128.8.1 and 115.21.1.
  • MSPoweruser: Google patches a Chrome zero-day vulnerability used in espionage
  • thecyberexpress.com: Mozilla has issued an urgent update for Firefox on Windows to patch a critical security vulnerability.