Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day.
The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape.
“Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC [inter-process communication] code,” Mozilla said in an advisory.
“A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.”
The shortcoming, which affects Firefox and Firefox ESR, has been addressed in Firefox 136.0.4, Firefox ESR 115.21.1, and Firefox ESR 128.8.1. There is no evidence that CVE-2025-2857 has been exploited in the wild.
The development comes as Google released Chrome version 134.0.6998.177/.178 for Windows to fix CVE-2025-2783, which has been exploited in the wild as part of attacks targeting media outlets, educational institutions, and government organizations in Russia.
Kaspersky, which detected the activity in mid-March 2025, said the infection occurred after unspecified victims clicked on a specially crafted link in phishing emails and the attacker-controlled website was opened using Chrome.
CVE-2025-2783 is said to have been chained together with another unknown exploit in the web browser to break out of the confines of the sandbox and achieve remote code execution. That said, patching the bug effectively blocks the entire attack chain.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has since added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring that federal agencies apply the necessary mitigations by April 17, 2025.
Users are recommended to update their browser instances to the latest versions to safeguard against potential risks.
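To turn the fixed versions above into a fleet check, here is an added example (not code from Mozilla, Google, or the original article) that triages a browser inventory against Firefox 136.0.4, Firefox ESR 115.21.1 / 128.8.1, and Chrome 134.0.6998.177. The inventory format, the product labels (`firefox`, `firefox-esr`, `chrome`), and the host names are assumptions made for illustration, and the rows are taken to describe Windows hosts only.

```python
import re

# Fixed versions exactly as named in the article.
FIREFOX_FIX = (136, 0, 4)
ESR_FIXES = {115: (115, 21, 1), 128: (128, 8, 1)}   # keyed by ESR branch
CHROME_FIX = (134, 0, 6998, 177)

def parse_version(text):
    """Parse '136.0.4' or '128.8.1esr' into a tuple of ints; reject betas etc."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:esr)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def classify(product, version):
    """Return 'patched', 'update', or 'review' for one installed browser."""
    try:
        v = parse_version(version)
    except ValueError:
        return "review"                  # unparseable string: needs a human look
    if product == "firefox":
        fix = FIREFOX_FIX
    elif product == "firefox-esr":
        fix = ESR_FIXES.get(v[0])        # compare only within the same ESR branch
    elif product == "chrome":
        fix = CHROME_FIX
    else:
        fix = None
    if fix is None:
        return "review"                  # product or branch the article does not cover
    return "patched" if v >= fix else "update"

def triage(inventory):
    """Classify (host, product, version) rows; hosts needing action sort first."""
    order = {"update": 0, "review": 1, "patched": 2}
    rows = [(h, p, v, classify(p, v)) for h, p, v in inventory]
    return sorted(rows, key=lambda r: (order[r[3]], r[0]))

# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("ws-01", "firefox", "136.0.3"), ("ws-02", "firefox", "136.0.4"),
    ("ws-03", "firefox-esr", "128.8.0esr"), ("ws-04", "firefox-esr", "115.21.1esr"),
    ("ws-05", "firefox-esr", "102.15.1esr"), ("ws-06", "chrome", "134.0.6998.118"),
    ("ws-07", "chrome", "134.0.6998.178"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

ESR builds are compared only against the fix for their own branch, so an ESR branch the article does not list is flagged `review` rather than being guessed as safe.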