
Mozilla has patched a critical sandbox escape vulnerability in Firefox that shares key traits with a zero-day actively exploited in Google Chrome as part of an ongoing espionage campaign.
The vulnerability, tracked as CVE-2025-2857, affects Firefox on Windows and has been fixed in versions 136.0.4, ESR 128.8.1, and ESR 115.21.1.
The flaw was discovered by Firefox engineer Andrew McCreight following analysis of CVE-2025-2783, a Chrome vulnerability abused by attackers in Operation ForumTroll. According to Mozilla's security bulletin, developers identified a similar logic flaw in Firefox's inter-process communication (IPC) code that could allow attackers to confuse the parent process into leaking privileged handles into sandboxed child processes. This results in a complete sandbox escape, nullifying one of the browser's primary security defenses.
Mozilla's advisory confirmed that the vulnerability posed a critical threat and had potential for exploitation in the wild. The flaw is exclusive to Firefox running on Windows; users on macOS, Linux, and other platforms are unaffected. Mozilla cited internal discovery following the Chrome disclosure and emphasized that the same class of bug—an “incorrect handle” issue—existed in their own browser codebase.
The Chrome vulnerability, CVE-2025-2783, was disclosed by Kaspersky yesterday after researchers tied its active exploitation to Operation ForumTroll. This espionage campaign targeted Russian academic, media, and governmental institutions using carefully crafted phishing emails that redirected users to a fake version of an actual conference website. Simply clicking the malicious link was enough to trigger a silent infection via Chrome, exploiting the IPC flaw to escape the browser's sandbox.
Google responded with an emergency patch in Chrome version 134.0.6998.177/.178 for Windows. Kaspersky noted that the exploit chain likely involved additional, as-yet-undisclosed vulnerabilities to gain complete control over targeted systems.
Firefox, developed by the Mozilla Foundation, is the world's fourth most-used web browser, holding an estimated 3% of the global desktop market share. Although its footprint is smaller than Chrome's, it is widely used in privacy-conscious communities, research institutions, and parts of the open-source development ecosystem. Vulnerabilities in Firefox can carry outsized risks in sensitive environments, particularly when they overlap with exploits already proven effective in active campaigns.
Mozilla's swift response suggests heightened awareness around cross-platform exploitability and increased scrutiny following high-profile Chrome zero-days.
Windows users are advised to update Firefox immediately to version 136.0.4 or Firefox ESR 128.8.1 / 115.21.1.
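A fleet check against the fixed versions listed above, as an added example that is not from Mozilla or the original article. The inventory rows, host names, and the `esr` version-suffix format are constructed assumptions.

```python
import re

# Fixed versions stated in the article for CVE-2025-2857 (Windows only).
FIXED_RELEASE = (136, 0, 4)
FIXED_ESR = {115: (115, 21, 1), 128: (128, 8, 1)}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(esr)?$", re.IGNORECASE)

# Constructed sample inventory (assumed format): host, OS, Firefox version.
INVENTORY = [
    ("ws-01", "Windows", "136.0.3"),
    ("ws-02", "Windows", "136.0.4"),
    ("ws-03", "Windows", "128.8.0esr"),
    ("ws-04", "Windows", "128.8.1esr"),
    ("ws-05", "Windows", "115.21.0esr"),
    ("ws-06", "Linux", "135.0"),
    ("ws-07", "Windows", "nightly"),
]


def parse_version(text):
    """Return ((major, minor, patch), is_esr) for '136.0.3' or '128.8.0esr'."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    major, minor, patch, esr = m.groups()
    return (int(major), int(minor), int(patch or 0)), esr is not None


def needs_update(os_name, version_text):
    """True for Windows installs below the fixed version for their branch."""
    if os_name.lower() != "windows":
        return False  # the article says other platforms are unaffected
    version, is_esr = parse_version(version_text)
    # ESR 115 and ESR 128 each have their own fix; anything else is
    # compared against the release-channel fix.
    fixed = FIXED_ESR.get(version[0], FIXED_RELEASE) if is_esr else FIXED_RELEASE
    return version < fixed


def audit(inventory):
    """Return (hosts needing the update, hosts with unparseable versions)."""
    outdated, unknown = [], []
    for host, os_name, version_text in inventory:
        try:
            if needs_update(os_name, version_text):
                outdated.append(host)
        except ValueError:
            unknown.append(host)
    return outdated, unknown
```

Hosts returned in the second list carry a version string the parser does not recognise and should be checked by hand rather than assumed patched.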