PT-2025-13197 · Mozilla +1 · Firefox +1

Andrew Mccreight · Published 2025-03-27 · Updated 2026-04-14 · CVE-2025-2857

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 136.0.4
Mozilla Firefox ESR versions prior to 128.8.1
Mozilla Firefox ESR versions prior to 115.21.1

Description

A critical vulnerability exists in Mozilla Firefox on Windows systems, allowing a sandbox escape. The flaw stems from incorrect handling of inter-process communication (IPC) and could allow a compromised child process to gain unintended privileges, potentially leading to arbitrary code execution. The vulnerability was identified after a similar issue was found and patched in Google Chrome and has been actively exploited. It affects the browser's sandbox, the security mechanism that isolates browser processes and prevents malicious code from reaching the underlying operating system. Successful exploitation could allow an attacker to bypass these protections and gain control of the affected system.

Recommendations

Update Firefox to version 136.0.4 or later.
Update Firefox ESR to version 128.8.1 or later.
Update Firefox ESR to version 115.21.1 or later.
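As an added example, not part of this advisory, the following Python check classifies installed Firefox versions against the three fixed versions listed above, which is useful when sweeping an inventory for unpatched builds. It assumes that an ESR build can be recognised by its major version (115 or 128); that mapping is an assumption of the example, not a statement from the advisory.

```python
# Added example: compare installed Firefox version strings with the fixed
# versions from the advisory (136.0.4 mainline, 128.8.1 ESR, 115.21.1 ESR).
from typing import Dict, Iterable, Tuple

# Fixed versions per branch, taken from the advisory text.
FIXED_MAINLINE = (136, 0, 4)
FIXED_ESR = {115: (115, 21, 1), 128: (128, 8, 1)}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '128.8.1' or '136.0' into a comparable 3-tuple.
    Pre-release suffixes such as '136.0b3' are rejected as unrecognised."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums)) if len(nums) < 3 else nums[:3]


def fixed_version_for(version: str) -> Tuple[int, ...]:
    """Pick the fixed version for the branch the installed build belongs to.
    Assumption (not from the advisory): major 115 or 128 means an ESR build,
    anything else is compared against the mainline fix."""
    major = parse_version(version)[0]
    return FIXED_ESR.get(major, FIXED_MAINLINE)


def is_affected(version: str) -> bool:
    """True if the installed version is older than the fix on its branch."""
    return parse_version(version) < fixed_version_for(version)


def report(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Summarise (host, version) pairs as AFFECTED or fixed for patch tracking."""
    return {host: ("AFFECTED" if is_affected(v) else "fixed") for host, v in inventory}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [("ws-01", "136.0.3"), ("ws-02", "136.0.4"),
              ("srv-01", "128.8.0"), ("srv-02", "128.8.1"),
              ("lab-01", "115.20.0"), ("lab-02", "115.21.1")]
    for host, status in report(sample).items():
        print(f"{host}: {status}")
```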

Fix

Weakness Enumeration

Race Condition
Exposure of Resource to Wrong Sphere

Related Identifiers

ALT-PU-2025-4968
ALT-PU-2025-5829
ALT-PU-2025-6353
ALT-PU-2025-7697
BDU:2025-03530
CVE-2025-2857
OPENSUSE-SU-2025:14948-1
OPENSUSE-SU-2025:14958-1
OPENSUSE-SU-2025:14961-1

Affected Products

Alt Linux
Firefox