Summary: Mozilla has addressed a critical security vulnerability in its Firefox browser, identified as CVE-2025-2857, which could allow attackers to bypass sandbox protections on Windows. This follows a similar vulnerability in Google Chrome that was exploited during espionage attacks in Russia. Currently, there is no evidence that this Firefox flaw has been exploited in the wild.
Affected: Mozilla Firefox
Key points:
- The vulnerability in Firefox allows escape from sandbox protections, potentially granting broader system access.
- This issue affects only the Firefox browser on Windows systems.
- Google had previously addressed a related vulnerability in Chrome, suggesting a pattern of targeted espionage attacks.
- CISA has added the Chrome vulnerability to its Known Exploited Vulnerabilities catalog due to its risk to federal enterprises.
- In an earlier patch, Mozilla addressed another critical flaw that allowed remote code execution without user interaction.
Source: https://therecord.media/firefox-sandbox-vulnerability-similar-chrome-zero-day