Security News > 2025 > March > Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)
2025-03-28 10:57
Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it. There’s currently no indication that the Firefox bug (CVE-2025-2857) is under active exploitation, but this should not be surprising: according to Statcounter, Chrome is used by 66.3% of internet users worldwide and Firefox only by 2.62%. About CVE-2025-2857 CVE-2025-2783 has been described as “a … More → The post Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) appeared first on Help Net Security.
News URL
Related news
- Mozilla warns Windows users of critical Firefox sandbox escape flaw (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- CrushFTP CEO's feisty response to VulnCheck's CVE for critical make-me-admin bug (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-27 | CVE-2025-2857 | Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. | 0.0 |
| 2025-03-26 | CVE-2025-2783 | Unspecified vulnerability in Google Chrome Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. | 0.0 |