Mozilla has addressed a critical security vulnerability in Firefox for Windows, identified as CVE-2025-2857, which was actively being exploited. The update to version 136.0.4 fixes a flaw similar to a recently patched bug in Google Chrome. The vulnerability allows potential attackers to escape the browser's sandbox restrictions, which protect user data and applications. This issue also affects the Tor Browser, prompting a corresponding patch. The discovery was made by Kaspersky's Boris Larin, who linked the exploit to targeted attacks against specific groups like journalists and government workers in Russia.
Mozilla has fixed a security bug in its Firefox for Windows browser that was being exploited in the wild.
Kaspersky researcher Boris Larin, who first discovered the Chrome zero-day, confirmed in a post that the root cause of the Chrome bug also affects Firefox.