Mozilla Firefox Security Restriction Bypass Vulnerability

Release Date: 28 Mar 2025

RISK: Medium Risk

TYPE: Clients - Browsers

A vulnerability was identified in Mozilla Firefox. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
 
Note:

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in their IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.

 

The original vulnerability, CVE-2025-2783, was being exploited in the wild. However, there is currently no indication that the vulnerability in this advisory, CVE-2025-2857, is being exploited in the wild. Hence, the risk level is rated as Medium Risk.


This only affects Firefox on Windows. Other operating systems are unaffected.


Impact

  • Security Restriction Bypass

System / Technologies affected

Versions prior to:

  • Firefox 136.0.4
  • Firefox ESR 115.21.1
  • Firefox ESR 128.8.1
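
A fleet triage check built from the fixed versions and the Windows-only scope stated in this advisory. It is an added example, not code from the advisory or from Mozilla; the inventory format (`host,os,version,channel`), the hostnames, and the rule for ESR branches without a listed fix are assumptions.

```python
import csv
import io
import re

# Fixed builds named in this advisory; ESR fixes are keyed by branch major.
FIXED_RELEASE = (136, 0, 4)
FIXED_ESR = {115: (115, 21, 1), 128: (128, 8, 1)}

def parse_version(text):
    """Parse '136.0.3', '135.0' or '128.8.0esr' into ((major, minor, patch), is_esr)."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    return (int(m[1]), int(m[2]), int(m[3] or 0)), m[4] is not None

def is_affected(os_name, version, channel="release"):
    """True when the install is on Windows and predates the fixed build."""
    if not os_name.strip().lower().startswith("windows"):
        return False  # the advisory states other operating systems are unaffected
    ver, esr_suffix = parse_version(version)
    if channel == "esr" or esr_suffix:
        # Assumption: compare against the fix for the build's own ESR branch,
        # or the next listed branch when its own branch has no fix.
        fixes = [fix for major, fix in sorted(FIXED_ESR.items()) if major >= ver[0]]
        return bool(fixes) and ver < fixes[0]
    return ver < FIXED_RELEASE

def triage(inventory_csv):
    """Return (affected_hosts, unparsed_hosts) for host,os,version,channel rows."""
    affected, unparsed = [], []
    for host, os_name, version, channel in csv.reader(io.StringIO(inventory_csv)):
        try:
            if is_affected(os_name, version, channel):
                affected.append(host)
        except ValueError:
            unparsed.append(host)  # e.g. beta version strings; review by hand
    return affected, unparsed

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """ws-001,Windows 11,136.0.3,release
ws-002,Windows 10,136.0.4,release
ws-003,Windows 10,128.8.0esr,esr
ws-004,Windows 11,128.8.1esr,esr
ws-005,Windows 10,115.21.0esr,esr
ws-007,Windows 11,137.0b2,release
mac-01,macOS 14,135.0,release
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```
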

Solutions

Before installing the software, please visit the vendor website for more details.

Apply fix issued by the vendor:

  • Firefox 136.0.4
  • Firefox ESR 115.21.1
  • Firefox ESR 128.8.1

Vulnerability Identifier

  • CVE-2025-2857

