Firefox Update Fixes Sandbox Escape Flaw Similar to Chrome Zero-Day
Firefox Update Patches Sandbox Escape Vulnerability
Mozilla has released urgent security updates to fix a critical sandbox escape vulnerability in its Firefox browser, closely mirroring a recently exploited Chrome zero-day flaw.
The vulnerability, tracked as CVE-2025-2857, stems from an incorrect handle in Firefox’s inter-process communication (IPC) code, allowing a compromised child process to gain elevated privileges and escape the browser’s sandbox.
Mozilla acknowledged the issue in a security advisory, stating:
“Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code.”
The flaw has been addressed in the following versions:
Firefox 136.0.4
Firefox ESR 115.21.1
Firefox ESR 128.8.1
While there is currently no evidence that CVE-2025-2857 has been exploited in the wild, Mozilla urges users to update their browsers immediately to mitigate potential risks.
See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses
Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.
Firefox Patch Comes Days After Chrome Zero-Day Attack
The Firefox fix follows Google’s emergency patch for Chrome (CVE-2025-2783), a vulnerability actively exploited in a cyber-espionage campaign targeting media outlets, educational institutions, and government agencies in Russia.
According to Kaspersky, the Chrome zero-day was used in phishing attacks where victims unknowingly clicked malicious links embedded in emails, leading to infection via a compromised website. The attackers then chained the Chrome zero-day with another unknown exploit to break out of the sandbox and achieve remote code execution.
Trending: Major Cyber Attacks that shaped 2024
Trending: Offensive Security Tool: DS Viper
CISA Adds Chrome Zero-Day to Exploited Vulnerabilities List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has since added CVE-2025-2783 to its Known Exploited Vulnerabilities (KEV) catalog, requiring all federal agencies to apply the patch by April 17, 2025.
With both Google and Mozilla addressing similar sandbox escape flaws, security experts warn that threat actors could attempt to exploit unpatched browsers, making immediate updates crucial for users.
Users Advised to Update Firefox and Chrome Immediately
Mozilla’s rapid response highlights the importance of proactive security measures in preventing browser-based attacks.
Users are strongly advised to:
✔ Update Firefox to the latest patched version (136.0.4 or corresponding ESR versions).
Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]
Source: thehackernews.com
Recent News
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
