Not a user yet?
Log in Register for free Suggest a product
The manufacturer Mozilla has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Update

Security Vulnerability fixed in Firefox 136.0.4

FirefoxFirefox
Mozilla
Update from patrick-devicebaseUpdate from:
patrick-devicebase (expert)

Version 136.0.4, first offered to Release channel users on March 27, 2025

Fixed
Mozilla Foundation Security Advisory 2025-19
Security Vulnerability fixed in Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1
Announced : March 27, 2025
Impact : Critical
Products : Firefox, Firefox ESR
Fixed in : Firefox 136.0.4
Firefox ESR 115.21.1
Firefox ESR 128.8.1

CVE-2025-2857: Incorrect handle could lead to sandbox escapes
Reporter : Andrew McCreight
Impact : critical
Description
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.
The original vulnerability was being exploited in the wild.
This only affects Firefox on Windows. Other operating systems are unaffected.

Version: 136.0.4 Link
More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Mozilla Firefox updates

More from the Apps & Software section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad