Importance Score: 75 / 100 🔴
Mozilla has resolved a security vulnerability in its Firefox browser for Windows, confirming that the flaw was actively exploited. The tech company released an update to address the issue, urging users to update immediately to safeguard their systems against potential threats. The security issue, identified as CVE-2025-2857, bears a resemblance to a recently patched vulnerability in Google Chrome, highlighting a concerning trend in browser-based exploits.
Firefox Patches Actively Exploited Security Flaw
Mozilla issued an update for its Firefox browser, bringing it to version 136.0.4, after discovering and rectifying a critical security flaw. The vulnerability, designated CVE-2025-2857, exhibits a “similar pattern” to a bug that Google addressed in its Chrome browser earlier this week.
Details of the Vulnerability
Exploitation of this security bug could allow malicious actors to bypass Firefox’s sandbox. This security feature is designed to restrict the browser’s access to other applications and sensitive data stored on a user’s computer, preventing unauthorized access and potential harm.
Impact on Other Browsers
The vulnerability is not limited to Firefox alone. Other browsers built upon the same codebase as Firefox for Windows are also affected. Notably, the Tor Browser has also released a patch, updating to version 14.0.7, to mitigate this shared security risk.
Discovery and Broader Implications
Security researcher Boris Larin from Kaspersky, who initially uncovered the zero-day vulnerability in Chrome, has verified that the underlying cause of the Chrome bug is also present in Firefox. Kaspersky previously indicated that exploits targeting similar vulnerabilities were linked to attacks directed at journalists, educational institution personnel, and government agencies within Russia.