Firefox Update Fixes Sandbox Escape Flaw Similar to Chrome Zero-Day

Mar 28, 2025 | News





Firefox Update Patches Sandbox Escape Vulnerability

Mozilla has released urgent security updates to fix a critical sandbox escape vulnerability in its Firefox browser, a bug that closely mirrors a recently exploited Chrome zero-day.

The vulnerability, tracked as CVE-2025-2857, stems from incorrect handle handling in Firefox's inter-process communication (IPC) code: a compromised child process could cause the parent process to return an unintentionally powerful handle, letting the child gain elevated privileges and escape the browser's sandbox. Mozilla's advisory notes that the bug affects only Firefox on Windows; other operating systems are unaffected.

Mozilla acknowledged the issue in a security advisory, stating:

“Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code.”

The flaw has been addressed in the following versions:

  • Firefox 136.0.4

  • Firefox ESR 115.21.1

  • Firefox ESR 128.8.1

While there is currently no evidence that CVE-2025-2857 has been exploited in the wild, Mozilla urges users to update their browsers immediately to mitigate potential risks.
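Checking a fleet against the three fixed builds above is error-prone by eye, because the two ESR lines and the release line each have their own minimum version. The script below is an added example, not Mozilla's tooling: it parses the kind of string `firefox --version` or the `Version=` line of `application.ini` produces, picks the branch from the major number, and compares against the fixed build for that branch. The sample inventory at the bottom is constructed, not real hosts.

```python
import re
from typing import NamedTuple

# Minimum fixed builds for CVE-2025-2857, as listed in Mozilla's advisory.
# Key: branch label; value: first version that carries the fix.
FIXED_VERSIONS = {
    "esr115": (115, 21, 1),
    "esr128": (128, 8, 1),
    "release": (136, 0, 4),
}

# Matches "136.0.4", "128.8.1esr", "115.21.1" embedded in arbitrary text.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?")


class VersionCheck(NamedTuple):
    version: tuple   # parsed (major, minor, patch)
    branch: str      # which fixed build the version was compared against
    patched: bool    # True if version >= fixed build for that branch


def parse_version(text: str) -> tuple[tuple[int, int, int], bool]:
    """Pull (major, minor, patch) out of strings such as
    'Mozilla Firefox 136.0.4', '128.8.1esr' or 'Version=115.21.1'.
    A missing patch component is treated as 0. The boolean reports
    whether the string carried the 'esr' suffix."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Firefox version found in {text!r}")
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return version, m.group(4) is not None


def branch_for(version: tuple) -> str:
    """Map a version to the branch whose fixed build applies.
    Majors 115 and 128 are the two ESR lines named in the advisory; every
    other major is judged against the 136.0.4 release fix, so anything
    older than 136 (including end-of-life majors between the ESR lines)
    is reported as unpatched, and anything newer is reported as fixed."""
    major = version[0]
    if major == 115:
        return "esr115"
    if major == 128:
        return "esr128"
    return "release"


def check_firefox_version(text: str) -> VersionCheck:
    """Parse one version string and decide whether it carries the fix."""
    version, _is_esr = parse_version(text)
    branch = branch_for(version)
    return VersionCheck(version, branch, version >= FIXED_VERSIONS[branch])


def audit(version_strings):
    """Return (input, VersionCheck) pairs for a batch of version strings,
    e.g. the output of `firefox --version` gathered from many hosts."""
    return [(s, check_firefox_version(s)) for s in version_strings]


if __name__ == "__main__":
    # Constructed sample inventory for illustration only.
    inventory = [
        "Mozilla Firefox 136.0.4",
        "Mozilla Firefox 136.0.3",
        "Mozilla Firefox 128.8.1esr",
        "Mozilla Firefox 128.8.0esr",
        "Mozilla Firefox 115.21.1esr",
        "Mozilla Firefox 115.20.0esr",
        "Mozilla Firefox 134.0",
    ]
    for raw, result in audit(inventory):
        status = "OK" if result.patched else "UPDATE"
        print(f"{status:6} {raw:32} branch={result.branch}")
```

Tuple comparison does the version ordering, so a later release such as 137.0 or a later ESR such as 128.9.0 is correctly reported as fixed without listing every subsequent build.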


Firefox Patch Comes Days After Chrome Zero-Day Attack

The Firefox fix follows Google’s emergency patch for Chrome (CVE-2025-2783), a vulnerability actively exploited in a cyber-espionage campaign targeting media outlets, educational institutions, and government agencies in Russia.

According to Kaspersky, the Chrome zero-day was delivered through phishing emails: victims who clicked a malicious link were taken to an attacker-controlled website, and the infection began as soon as the page loaded, with no further user interaction. CVE-2025-2783 itself provided the sandbox escape; Kaspersky assesses that it was chained with a second, still unidentified exploit, which it was unable to recover, to achieve remote code execution.




CISA Adds Chrome Zero-Day to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has since added CVE-2025-2783 to its Known Exploited Vulnerabilities (KEV) catalog, requiring all federal agencies to apply the patch by April 17, 2025.

With Google and Mozilla patching the same pattern of IPC handle bug within days of each other, unpatched browsers are an obvious target for attackers reusing the technique, which makes prompt updates essential for users.

Users Advised to Update Firefox and Chrome Immediately

Mozilla’s rapid response highlights the importance of proactive security measures in preventing browser-based attacks. Users are strongly advised to:

  • Update Firefox to 136.0.4, ESR 115.21.1 or ESR 128.8.1 (or any later build).

  • Update Chrome to the build that addresses CVE-2025-2783.


Source: thehackernews.com
