Firefox: Mozilla closes critical sandbox gap in Windows version
Updates for Firefox close a sandbox vulnerability under Windows. It is similar to the one attacked in Google Chrome.
Security gaps in Firefox put users at risk.
(Image: created with AI in Bing Designer by heise online / dmk)
Updates are available for the Firefox web browser that close a security vulnerability classified as critical. Under Windows, it allows malicious actors to break out of the sandbox and thus inject and execute malicious code in the system.
In a security announcement, the Mozilla developers explain that, following the recently disclosed vulnerability in Google Chrome, which has already been attacked in the wild, they found similar patterns in Firefox's code for inter-process communication (IPC). "A compromised child process can cause the parent process to return an unintentionally powerful handle, leading to an escape from the sandbox," is the developers' somewhat terse description of the bug (CVE-2025-2857, no CVSS, risk "critical").
Affected versions
The problem only occurs under Windows. Firefox versions 136.0.4, Firefox ESR 115.21.1 and Firefox ESR 128.8.1 correct the security-relevant errors. Anyone using the Mozilla web browsers on Windows should ensure that they use the bug-fixed versions as soon as possible.
Users can find out whether Firefox is already up to date by opening the version dialog: click the browser menu, which is hidden behind the "hamburger" symbol with three horizontal lines to the right of the address bar, and then go to "Help" – "About Firefox".
(Image: Screenshot / dmk)
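As an added example (not from heise or Mozilla), a small Python check that compares a version string as shown in the "About Firefox" dialog against the fixed versions named above. It assumes that main-line releases newer than 136.0.4 also contain the fix; release lines not listed in the advisory are treated as unpatched.

```python
"""Check whether an installed Firefox version carries the fix for
CVE-2025-2857 on Windows. Fixed versions are those named in Mozilla's
advisory: Firefox 136.0.4, Firefox ESR 115.21.1, Firefox ESR 128.8.1.
Added example, not Mozilla code."""
import re

# First fixed build per release line, keyed by major version.
FIXED = {
    136: (136, 0, 4),   # main release line
    115: (115, 21, 1),  # ESR 115 line
    128: (128, 8, 1),   # ESR 128 line
}
NEWEST_MAIN_LINE = 136


def parse_version(text):
    """'128.8.1esr' -> (128, 8, 1); a missing patch number counts as 0,
    trailing suffixes such as 'esr' are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_patched(version_text):
    """True if the version is at or above the fixed build of its line.
    Assumption: any main-line major newer than 136 was released after the
    fix and therefore contains it; other unlisted lines have no fixed
    build in the advisory and are reported as unpatched."""
    v = parse_version(version_text)
    fixed = FIXED.get(v[0])
    if fixed is None:
        return v[0] > NEWEST_MAIN_LINE
    return v >= fixed


if __name__ == "__main__":
    # Constructed sample inputs, as a user might copy them from the dialog.
    for sample in ("136.0.3", "136.0.4", "128.8.0esr", "128.8.1esr"):
        state = "patched" if is_patched(sample) else "UNPATCHED"
        print(f"{sample:12} {state}")
```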
Attacked sandbox vulnerability in Chrome
On Wednesday night this week, Google released a security update for the Chrome web browser. It corrected an already attacked vulnerability in the Mojo component of the browser, which provides functions for inter-process communication. Here too, the bug allowed attackers to break out of the sandbox and ultimately execute malicious code.
Kaspersky discovered the attacks on the vulnerability and named them "Operation ForumTroll". A phishing email contained links to manipulated websites. If a victim clicks on one, the website is displayed and, without any further user interaction, the Windows PC is infected. More in-depth details about the vulnerability are not yet publicly available.
(dmk)