CVE-2025-2857

Published Mar 27, 2025

Last updated a day ago

CVSS critical 10.0
Windows
Firefox

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-2857 is a security vulnerability in Mozilla Firefox that allows attackers to escape the browser's sandbox on Windows systems. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. This vulnerability is similar to CVE-2025-2783, a previously exploited zero-day vulnerability in Chrome. The flaw stems from mismanagement of system handles that inadvertently grants elevated access to unprivileged child processes. This issue exclusively affects Firefox on Windows, with other operating systems remaining unaffected.

Description
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1.
Source
security@mozilla.org
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending
  1. 🚨 Mozilla fixes a critical vulnerability in Firefox (CVE-2025-2857) that allowed remote code execution; users should update urgently to avoid security risks. 👇👇 #Ciberseguridad #Firefox #Actualización MOZILLA ADDRESSED https://t.co/kxEA

    @C1B3R53CUR1TY

    21 Apr 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Mozilla patched CVE-2025-2857 in Firefox after Chrome’s exploited zero-day revealed similar IPC flaws. Learn more: https://t.co/krXhUHL237 #mozilla #IPC #CyberSecurityAwareness

    @thehlayer

    7 Apr 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨🔒 Firefox just got a major update! Mozilla has patched a critical bug (CVE-2025-2857) that had some similarities to Chrome's recent zero-day vulnerability. Read more: https://t.co/r3HP4zmN2A https://t.co/eG9vctwB67

    @Stealthiss_

    6 Apr 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. A vulnerability with the identifier CVE-2025-2857 has recently been published for the Firefox browser. This vulnerability has been published for Firefox 136.0.4 and Firefox ESR version 128.8.1. To prevent and counter this threat, update your Firefox browser. https://t.co/Poz3aKY03t https://t.co/

    @AmirHossein_sec

    4 Apr 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2025-2857

    @transilienceai

    2 Apr 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2025-2857

    @transilienceai

    1 Apr 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Firefox users, update now! A critical bug (CVE-2025-2857) just got patched same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. https://t.co/GvPy7ROC6I

    @achi_tech

    31 Mar 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. New Chrome & Firefox zero-days: Here’s what you need to know! - Attackers exploited a Chrome sandbox flaw (CVE-2025-2783) to target Russian journalists & gov agencies. - Mozilla found a similar unpatched Firefox bug (CVE-2025-2857). - Update your browser ASAP! #CyberSec

    @Shift6Security

    31 Mar 2025

    46 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. This flaw in Firefox, tracked as CVE-2025-2857, allows attackers to bypass the browser's isolation mechanism (sandbox) and gain broader access to the system. According to Mozilla, this issue only affects Firefox on Windows https://t.co/TydYiG6W

    @cybernetic_cy

    31 Mar 2025

    50 Impressions

    2 Retweets

    8 Likes

    0 Bookmarks

    4 Replies

    0 Quotes

  10. Actively exploited CVE : CVE-2025-2857

    @transilienceai

    31 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Mozilla has released updates to address a critical security vulnerability, CVE-2025-2857, impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. https://t.co/RJe32kl06c https://t.co/6

    @riskigy

    30 Mar 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Actively exploited CVE : CVE-2025-2857

    @transilienceai

    30 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Security alert with ID CVE-2025-2857: Mozilla fixed a flaw shared with Chrome! #Cybersecurity #Cybersecurity_News #اخبار_امنیت_سایبری #CVE_2025_2783 #CVE_2025_2857 #CISA #Chrome #کروم #Firefox #فایرفاکس #KEV #Mozilla #Tor https://t.co/z3db4Dyi2k

    @vulnerbyte

    30 Mar 2025

    28 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 Security updates for the Firefox browser 🚨 Fixes for a critical vulnerability in Firefox on Windows following the Chrome patch. The vulnerability, CVE-2025-2857, threatens cybersecurity in vital sectors and requires an urgent update. 🔗 Read more: https://t.co/73sJCZnIaH #الأمن_السيبراني #فايرفوكس #تحديثات_أمنية

    @CYBRAT_NET

    30 Mar 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Mozilla fixes🧐 critical vulnerability in Firefox, similar to Chrome bug Mozilla has released a security patch for Firefox 136.0.4, fixing the actively exploited CVE-2025-2857 bug. https://t.co/AoAF4J57K1

    @MoraruE67746

    29 Mar 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Mozilla has released security updates to address a critical flaw, tracked as CVE-2025-2857, impacting its Firefox browser for Windows. Sentiment: Negative (-0.40) Source: https://t.co/8v8jOlwOYf

    @0xSqui

    29 Mar 2025

    31 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2025-2857 Sandbox Escape Vulnerability in Firefox on Windows Due to IPC Handle Leak https://t.co/aHTK04roSQ

    @VulmonFeeds

    29 Mar 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Firefox Browser Extended Support Release 115.21.1 esr (64 bit) update https://t.co/AFlMqToLC1 Unusual, isn't it? 115.22 must be close too. Apparently it's a security fix. CVE-2025-2857: Incorrect handle could lead to sandbox escapes https://t.co/QJKOLFwHYQ

    @TodaProduction

    29 Mar 2025

    58 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Mar 28, 2025 - 🚨BREAKING: Firefox patches critical bug exploited in the wild (CVE-2025-2857). Update to version 136.0.4 ASAP to protect your security. Bug affects not only Firefox, but also Tor Browser. Linked to attacks on journalists, educational institutions & government

    @TechDeckNews

    29 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CVE-2025-2857: New Firefox Sandbox Escape Emerges Following Active Exploitation of CVE-2025-2783 https://t.co/K1KXm6HunP

    @samilaiho

    29 Mar 2025

    804 Impressions

    2 Retweets

    3 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  21. Mozilla has patched a critical vulnerability in Firefox (CVE-2025-2857) that could let attackers bypass Windows sandbox protections. No current evidence of exploitation. 🦊🔒 #Mozilla #Windows #Russia link: https://t.co/PPkyNITgmK https://t.co/2XVya4U2W7

    @TweetThreatNews

    28 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 Firefox users, update now! A critical bug (CVE-2025-2857) just got patched—same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. 📖 Full story: https://t.co/CQNloIATjh 🔒 Patch now. https://t.co/vHDrB29evZ

    @CryptoDaku_

    28 Mar 2025

    5394 Impressions

    14 Retweets

    53 Likes

    1 Bookmark

    6 Replies

    0 Quotes

  23. Firefox Users Alert Mozilla patches critical flaw (CVE-2025-2857) similar to Chrome’s zero-day used in attacks on Russian orgs. Update Firefox to 136.0.4 or ESR versions now! Edge & Opera may also be vulnerable. Stay safe! https://t.co/Fiax56pIzK #CyberSecurity #Firefox h

    @dCypherIO

    28 Mar 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Mozilla fixed critical Firefox vulnerability CVE-2025-2857 https://t.co/UXhZjVJJZK

    @hackplayers

    28 Mar 2025

    518 Impressions

    2 Retweets

    7 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  25. The root cause of the Chrome 0-day vulnerability CVE-2025-2783, which we discovered used in attacks with sophisticated malware, also affects the Firefox! New CVE-2025-2857 has just been fixed in Firefox 136.0.4, and you can read about what led to its discovery at the link below.

    @oct0xor

    28 Mar 2025

    8691 Impressions

    16 Retweets

    96 Likes

    32 Bookmarks

    1 Reply

    3 Quotes

  26. Mozilla has patched a critical Firefox vulnerability (CVE-2025-2857) that could lead to sandbox escapes, similar to a recent Chrome issue. Ensure browser updates for security! 🔒🌐 #Mozilla #Firefox #USA link: https://t.co/SaFDOSzUOZ https://t.co/HshjUgiZrH

    @TweetThreatNews

    28 Mar 2025

    62 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Critical Firefox 0-Day: CVE-2025-2857 enables sandbox escape after active exploitation of CVE-2025-2783. Urgent update required—attackers gain elevated privileges. https://t.co/BSjk97f5mG #CyberSecurity #ZeroDay

    @adriananglin

    28 Mar 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Mozilla warns Windows users about a critical sandbox escape vulnerability in Firefox (CVE-2025-2857) https://t.co/B7wEebqJ7O #Security #セキュリティ #ニュース

    @SecureShield_

    28 Mar 2025

    26 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🚨 Firefox users, update now! A critical bug (CVE-2025-2857) just got patched—same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. 📖 Full story: https://t.co/Eu3sPhTeTX 🔒 Patch now | Spread the word | Stay safe https://t.co/L3yW4aP

    @dysafhackx

    28 Mar 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Mozilla has released Firefox 136.0.4 to address a critical vulnerability (CVE-2025-2857) that allows attackers to escape the browser's sandbox on Windows. https://t.co/CVgAmpn1qk

    @securityRSS

    28 Mar 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 📌 Mozilla has updated the Firefox browser to fix a critical security flaw, days after Google fixed a similar flaw in Chrome that was under exploitation. The flaw is known as CVE-2025-2857 and relates to a mismanagement that could lead to a sandbox escape. #الامن_السيبراني https://t.co/qm5cjsNcfa

    @Cybercachear

    28 Mar 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 🚨 Mozilla patches a critical flaw in Firefox that allows sandbox escape on Windows. CVE-2025-2857 ties to Chrome’s similar zero-day threat. Update now. Details below: 🔗 https://t.co/Df1floxXS1 #CyberSecurity #Firefox #Infosec #Windows

    @threatsbank

    28 Mar 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 🚨 Firefox users, update now! A critical bug (CVE-2025-2857) just got patched—same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. 📖 Full story: https://t.co/OJaaQiyKOq 🔒 Patch now | Spread the word | Stay safe

    @TheHackersNews

    28 Mar 2025

    68091 Impressions

    105 Retweets

    217 Likes

    34 Bookmarks

    6 Replies

    1 Quote

  34. Regarding the Firefox vulnerability (CVE-2025-2857): 136.0.4-1 had arrived for LibreWolf too, so I updated (though apparently this particular issue only affects Windows) https://t.co/M9ejZBRlKr

    @hogehoge61

    28 Mar 2025

    98 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  35. Mozilla warns Windows users of a critical vulnerability (CVE-2025-2857) in Firefox that allows sandbox escapes. This impacts all current Firefox releases. Stay vigilant! 🔒🦊 #FirefoxUpdate #Windows #Mozilla link: https://t.co/ZMx28a8ieL https://t.co/50BskkymNy

    @TweetThreatNews

    27 Mar 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Firefox 136.0.4 released. As a security fix, it addresses the critical vulnerability CVE-2025-2857, which could allow a sandbox escape. (However, only Windows systems are affected; other OSes are not affected.) https://t.co/6mXeIKTdtl https://t.co/xbfVsEKAj6

    @macmacintosh

    27 Mar 2025

    60 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. CVE-2025-2857: New Firefox Sandbox Escape Emerges Following Active Exploitation of CVE-2025-2783 https://t.co/BcZaEdrIQB

    @Dinosn

    27 Mar 2025

    3065 Impressions

    16 Retweets

    43 Likes

    13 Bookmarks

    0 Replies

    0 Quotes

  38. CVE-2025-2857 Following the sandbox escape in CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. Attackers were able to confuse the parent proces… https://t.co/dvfomQ4vCs

    @CVEnew

    27 Mar 2025

    189 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations