Firefox Hit by Flaw Similar to Chrome Zero-Day Exploited in Russia

Mozilla has confirmed that Firefox is affected by a critical security vulnerability similar to the Chrome zero-day that was disclosed recently. 

Google announced a Chrome update earlier this week to patch CVE-2025-2783, a vulnerability identified by cybersecurity firm Kaspersky. According to Kaspersky, this flaw has been exploited since at least mid-March by a suspected state-sponsored threat actor to bypass Chrome’s security sandbox. The exploit chain also involved a second, unidentified vulnerability that allowed remote code execution.

The campaign, dubbed Operation ForumTroll, used fake invitations to a scientific forum to lure victims. It primarily targeted media outlets, educational institutions, and government organizations in Russia. 

Following the disclosure of CVE-2025-2783, Firefox developers analyzed their own code and discovered a similar issue in their inter-process communication (IPC) system. The flaw, tracked as CVE-2025-2857, involves an incorrect handle that allows a compromised child process to manipulate the parent process, leading to a sandbox escape. 

The vulnerability affects only the Windows version of Firefox. Mozilla has addressed the issue in Firefox 136.0.4 and in Firefox ESR 128.8.1 and 115.21.1. While Mozilla acknowledged that the original Chrome vulnerability has been exploited in real-world attacks, it has not reported any known attacks targeting Firefox users. Tor Browser, which is based on Firefox, has also been updated to patch the flaw.

The Cybersecurity and Infrastructure Security Agency (CISA) has added the Chrome vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. It has warned that other Chromium-based browsers, such as Microsoft Edge and Opera, may also be vulnerable. However, Microsoft has yet to issue an advisory. 

Although Firefox vulnerabilities are not exploited as frequently as Chrome’s, several security flaws have been used in attacks over the years. In November 2024, ESET reported that a Russian advanced persistent threat (APT) group had chained Firefox and Windows zero-days to install a backdoor on targeted systems. 
