Security News > 2025 > March > Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)
2025-03-28 10:57
Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it. There’s currently no indication that the Firefox bug (CVE-2025-2857) is under active exploitation, but this should not be surprising: according to Statcounter, Chrome is used by 66.3% of internet users worldwide and Firefox only by 2.62%. About CVE-2025-2857 CVE-2025-2783 has been described as “a … More → The post Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) appeared first on Help Net Security.
News URL
Related news
- ⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs (source)
- MITRE warns that funding for critical CVE program expires today (source)
- CISA extends funding to ensure 'no lapse in critical CVE services' (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) (source)
- ⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More (source)
- Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals (source)
- China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-27 | CVE-2025-2857 | Unspecified vulnerability in Mozilla Firefox Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. | 0.0 |
| 2025-03-26 | CVE-2025-2783 | Unspecified vulnerability in Google Chrome Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. | 0.0 |