March 28, 2025

Critical sandbox escape flaws in Firefox and Chrome patched

Mozilla has released updates to fix a critical security flaw in its Firefox browser for Windows. The vulnerability, designated CVE-2025-2857, stems from improper handling within the browser's inter-process communication (IPC) code, which could allow a compromised child process to gain elevated privileges by manipulating the parent process into returning a powerful handle, potentially leading to sandbox escape.

The issue has been patched in Firefox 136.0.4, Firefox ESR 115.21.1, and Firefox ESR 128.8.1. As of now, there is no evidence that this vulnerability has been actively exploited.

This update follows Google's recent fix for a similar zero-day flaw in Chrome (CVE-2025-2783), which had been exploited in attacks against media, educational, and government entities in Russia. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has since added the Chrome vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, highlighting its active use in cyber threats.

Users are urged to update their Firefox browsers promptly to mitigate security risks.

Source: The Hacker News

Analysis

A browser sandbox escape is a serious security vulnerability that could allow a threat actor to break out of the restricted environment (sandbox) designed to isolate web content from the underlying operating system. If successful, an attacker can gain control over a compromised system, which could lead to:

  • Privilege escalation
  • Remote code execution (RCE)
  • Access to local files
  • Credential theft
  • Installation of malware such as backdoors or keyloggers to maintain access to the system
  • Ransomware deployment
  • Compromising other systems
  • Credential dumping

The recent Mozilla vulnerability, CVE-2025-2857, is similar to CVE-2024-29944, a previous Firefox vulnerability that could also enable sandbox escape. There is no information to indicate that CVE-2024-29944 was ever exploited, so hopefully that will also be the case for CVE-2025-2857.

Regardless, sandbox escape attacks can turn a simple browser vulnerability into a full system breach, so patching these types of flaws as soon as possible is crucial.

Mitigation

Field Effect’s Security Intelligence team constantly monitors the cyber threat landscape for threats related to vulnerabilities discovered in browsers like Firefox and Chrome. Field Effect MDR users are automatically notified when suspicious activity related to their accounts is detected and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.

Field Effect strongly encourages all other users of Chrome and Firefox to update to the latest secure version as soon as possible.
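To confirm that the Firefox update has actually reached every endpoint, the fixed versions named in this article can be checked against a software inventory. The Python below is an added example, not code from Mozilla or Field Effect; it assumes the inventory reports ESR builds with an "esr" suffix, and the function names, hostnames and sample rows are constructed for illustration. It covers Firefox only, because the article does not state a fixed Chrome version.

```python
import re

# Fixed versions as stated in the article for CVE-2025-2857 (Firefox on Windows).
FIXED_RELEASE = (136, 0, 4)
FIXED_ESR = {115: (115, 21, 1), 128: (128, 8, 1)}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(esr)?$", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_esr), or None for anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, esr = m.groups()
    return (int(major), int(minor), int(patch or 0)), esr is not None


def classify(os_name, version_text):
    """Classify one row: not_affected, patched, vulnerable or unknown."""
    if os_name.strip().lower() != "windows":
        return "not_affected"  # the article describes the flaw in Firefox for Windows
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"  # beta, nightly or malformed strings need manual review
    version, is_esr = parsed
    if is_esr:
        fixed = FIXED_ESR.get(version[0])
        if fixed is None:
            return "unknown"  # ESR branch not listed in the article
        return "patched" if version >= fixed else "vulnerable"
    return "patched" if version >= FIXED_RELEASE else "vulnerable"


# Constructed sample inventory: (hostname, operating system, Firefox version).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "136.0.3"),
    ("ws-002", "Windows", "128.8.1esr"),
    ("ws-003", "Windows", "115.21.0esr"),
    ("mac-004", "macOS", "135.0"),
]


def audit(inventory):
    """Map each hostname to its classification."""
    return {host: classify(os_name, ver) for host, os_name, ver in inventory}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

An ESR build reported without the "esr" suffix is compared against the release threshold and flagged as vulnerable, so it gets reviewed instead of silently passing.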
