Summary: Mozilla has released Firefox 136.0.4 to address a critical security vulnerability, tracked as CVE-2025-2857, that allows attackers to escape the browser’s sandbox on Windows systems. The flaw was reported by Mozilla developer Andrew McCreight and affects both standard and extended support releases of Firefox. Mozilla noted that this vulnerability bears similarities to a recently patched Chrome zero-day vulnerability.
Affected: Mozilla Firefox (Windows versions)
Key points:
- Critical vulnerability CVE-2025-2857 allows for sandbox escapes on Windows versions of Firefox.
- Impacts the latest standard and extended support releases of Firefox.
- A similar vulnerability recently exploited in Chrome was also addressed, indicating a pattern of exploitation.