Firefox Security Update: Patched Bug Exploited in the Wild

Firefox Security Update Addresses Actively Exploited Vulnerability
Mozilla has released a security patch for its Firefox browser on Windows platforms, addressing a vulnerability that was reportedly under active exploitation.
The update, which brings Firefox to version 136.0.4, resolves a security flaw tracked as CVE-2025-2857. The vulnerability resembles a recently patched bug in Google’s Chrome browser.
Sandbox Escape Risk
Successful exploitation of this bug could allow attackers to bypass Firefox’s security sandbox. This sandbox is designed to restrict the browser’s access to system resources and user data.
A sandbox escape would potentially grant malicious actors broader access to the underlying operating system and sensitive information.
Impact on Related Browsers
The vulnerability isn't limited to Firefox alone. Browsers sharing the same codebase, such as the Tor Browser, are also affected.
The Tor Browser has been updated to version 14.0.7 to incorporate the necessary security fixes.
Connection to Chrome Zero-Day
Kaspersky researcher Boris Larin, who initially identified a zero-day vulnerability in Chrome, has confirmed that the underlying cause of the Chrome issue also impacts Firefox.
Previous investigations by Kaspersky linked the exploitation of these vulnerabilities to targeted attacks against individuals associated with journalism, educational institutions, and governmental bodies within Russia.
These attacks suggest a focused effort to compromise specific organizations and individuals.
- Vulnerability ID: CVE-2025-2857
- Affected Browser: Firefox for Windows (new version: 136.0.4)
- Affected Browser: Tor Browser (new version: 14.0.7)
