Mozilla has addressed a security issue in Firefox for Windows that was being exploited in several attacks. Mozilla stated that it has updated Firefox to version 136.0.4 after identifying and resolving the issue.
CVE-2025-2857 exhibits behavior similar to the security problem that Google addressed in the Chrome browser earlier this week. Anyone exploiting the security issue could “escape” the Firefox sandbox, which is used to limit access to other applications outside the browser on the user’s computer.
The problem also affects browsers using Firefox’s source code, such as the Tor browser, which has also been updated to version 14.0.7.
Kaspersky security researcher Boris Larin, who discovered the zero-day issue in Chrome, confirmed via a post that the cause of the issue in Chrome is the same as for Firefox.
Source: PCWorld Albanian
