Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia

Firefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day.

Chrome and Firefox vulnerabilities

Mozilla says Firefox developers have determined that their browser is affected by a critical vulnerability that is similar to the Chrome zero-day disclosed a few days ago.

On Tuesday, Google announced a Chrome update that patches CVE-2025-2783, a vulnerability reported to the tech giant by cybersecurity firm Kaspersky, whose researchers saw it being exploited in attacks aimed at Russian organizations.

Kaspersky said CVE-2025-2783 has been exploited since at least mid-March by what is likely a state-sponsored threat actor to escape Chrome’s sandbox. The exploit chain also targeted another vulnerability (which Kaspersky was unable to identify) to achieve remote code execution. 

The campaign, which the security firm dubbed Operation ForumTroll because it used fake invitations to a scientific forum as a lure, targeted media outlets, educational institutions and government organizations in Russia.

Firefox developers have analyzed CVE-2025-2783 and found that a similar pattern also exists in their IPC code.

The issue, described as an incorrect handle, can allow a compromised child process to cause the parent process to “return an unintentionally powerful handle, leading to a sandbox escape”, Firefox developers said.

In the case of Firefox, the vulnerability is tracked as CVE-2025-2857. The flaw only impacts Firefox for Windows and it has been patched with the release of versions 136.0.4, 128.8.1 (ESR), and 115.21.1 (ESR).

Mozilla noted that the original vulnerability has been exploited in the wild, but did not mention anything about attacks aimed at Firefox users. 

Advertisement. Scroll to continue reading.

The Tor browser, which is based on Firefox, has also been updated to address the vulnerability.

The cybersecurity agency CISA on Thursday added the Chrome flaw to its Known Exploited Vulnerabilities (KEV) catalog. The agency noted that other Chromium-based browsers may also be affected, including Microsoft Edge and Opera. Microsoft has issued an advisory.

The exploitation of Firefox vulnerabilities is not as common as the exploitation of Chrome bugs, but there have been roughly a dozen security holes exploited over the past decade. One example came to light in late November 2024, when ESET reported that a Russian APT had chained Firefox and Windows zero-days to deploy a backdoor.

Related: Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities

Related: Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities

Related: Chrome 133, Firefox 135 Patch High-Severity Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Wendi Whitmore has taken the role of Chief Security Intelligence Officer at Palo Alto Networks.

Phil Venables, former CISO of Google Cloud, has joined Ballistic Ventures as a Venture Partner.

David Currie, former CISO of Nubank and Klarna, has been appointed CEO of Vaultree.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.