Summary: Mozilla has released updates to fix a critical security flaw in its Firefox browser, identified as CVE-2025-2857, which could lead to a sandbox escape. This vulnerability mirrors a recent issue in Google Chrome, which has already been exploited in the wild. Users are urged to update their browsers to protect against potential risks.
Affected: Mozilla Firefox and Firefox ESR
Key points:
- Mozilla identified a critical vulnerability (CVE-2025-2857) in Firefox that could lead to a sandbox escape.
- The flaw has been patched in Firefox 136.0.4, Firefox ESR 115.21.1, and Firefox ESR 128.8.1.
- CISA has included the flaw in its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to implement fixes by April 17, 2025.
- Users are strongly advised to update to the latest browser versions to mitigate risks.
Source: https://thehackernews.com/2025/03/mozilla-patches-critical-firefox-bug.html
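
To act on the update advice across a fleet, the following added example (not from the source article or from Mozilla) classifies collected Firefox version strings against the three fixed versions listed above. It assumes the strings look like `firefox --version` output with ESR builds carrying an `esr` suffix; the host names and inventory are constructed sample data.

```python
import re

# Fixed versions as listed in the key points above.
FIXED_RELEASE = (136, 0, 4)
FIXED_ESR = {115: (115, 21, 1), 128: (128, 8, 1)}

# Matches a trailing "major.minor[.patch][esr]" (assumed version string format).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?$")


def classify(version_output):
    """Return 'patched', 'needs_update' or 'unknown' for one version string."""
    m = _VERSION_RE.search(version_output.strip())
    if not m:
        return "unknown"  # beta/nightly or otherwise unparseable string
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    if m.group(4):  # ESR build: compare within its own branch
        fixed = FIXED_ESR.get(version[0])
        if fixed is None:
            return "unknown"  # ESR branch not listed on this page
        return "patched" if version >= fixed else "needs_update"
    return "patched" if version >= FIXED_RELEASE else "needs_update"


# Constructed sample inventory: host name -> reported version string.
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 136.0.4",
    "ws-02": "Mozilla Firefox 136.0.3",
    "ws-03": "Mozilla Firefox 128.8.1esr",
    "ws-04": "Mozilla Firefox 128.8.0esr",
    "ws-05": "Mozilla Firefox 115.21.0esr",
    "ws-06": "Mozilla Firefox 137.0b5",
}


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(v) for host, v in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual look, since the page only lists fixes for the release channel and the 115 and 128 ESR branches.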