Pierluigi Paganini March 28, 2025

Mozilla addressed a critical vulnerability, tracked as CVE-2025-2857, impacting its Firefox browser for Windows.

Mozilla has released security updates to address a critical flaw, tracked as CVE-2025-2857, impacting its Firefox browser for Windows. Recently, Google addressed a similar vulnerability, tracked as CVE-2025-2783, in Chrome that has been actively exploited in the wild as a zero-day.

The vulnerability CVE-2025-2857 is an incorrect handle that could lead to a sandbox escape.

“Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.” reads the advisory. “The original vulnerability was being exploited in the wild.”

The researchers Andrew McCreight discovered this vulnerability.

The vulnerability impacted Firefox and Firefox ESR, it was addressed in Firefox 136.0.4, Firefox ESR 115.21.1, and Firefox ESR 128.8.1. Mozilla is not aware of attacks in the wild exploiting this vulnerability.

Google has released out-of-band fixes to address a high-severity security vulnerability, tracked as CVE-2025-2783, in Chrome browser for Windows. The flaw was actively exploited in attacks targeting organizations in Russia.

The vulnerability is an incorrect handle provided in unspecified circumstances in Mojo on Windows. Kaspersky researchers Boris Larin (@oct0xor) and Igor Kuznetsov (@2igosha) reported the vulnerability on March 20, 2025.

Mojo is Google’s IPC library for Chromium-based browsers, managing sandboxed processes for secure communication. On Windows, it enhances Chrome’s security, but past vulnerabilities have enabled sandbox escapes and privilege escalation.

Google did not share details about the attacks that exploited this vulnerability or the identity of the threat actors behind them.

This week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2025-2783 to its Known Exploited Vulnerabilities (KEV) catalog.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Mozilla)