Not a user yet?
Log in Register for free Suggest a product
Update

Security Vulnerability fixed in Firefox 136.0.4

FirefoxFirefox
Mozilla

Version 136.0.4, first offered to Release channel users on March 27, 2025

Fixed
Mozilla Foundation Security Advisory 2025-19
Security Vulnerability fixed in Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1
Announced : March 27, 2025
Impact : Critical
Products : Firefox, Firefox ESR
Fixed in : Firefox 136.0.4
Firefox ESR 115.21.1
Firefox ESR 128.8.1

CVE-2025-2857: Incorrect handle could lead to sandbox escapes
Reporter : Andrew McCreight
Impact : critical
Description
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.
The original vulnerability was being exploited in the wild.
This only affects Firefox on Windows. Other operating systems are unaffected.

More updatesTo the product
The manufacturer Mozilla has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Mozilla updates

More from the Apps & Software section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad