Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser's sandbox on Windows systems. Tracked as CVE-2025-2857, this flaw is ...

The finding is surprising since Firefox uses a different browser engine. But it looks like the flaw relates more to how browsers communicate with the Windows OS.

The attack, which exploits the flaw CVE-2025-2783 ... leading to a sandbox escape.” The danger only affects Firefox users on Windows. The company issued patches via Firefox 136.0.4, Firefox ...

In a security advisory published on March 27, 2025, Mozilla said after the discovery of the Chrome sandbox escape vulnerability ... that the bug affects Firefox on Windows, and that other ...

leading to a sandbox escape. The original vulnerability was being exploited in the wild. This only affects Firefox on Windows. Other operating systems are unaffected,” Mozilla said in an advisory. The ...

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...

and on Thursday pushed out its own fix after Firefox engineers found a similar flaw in their own IPC plumbing. That hole, now tracked as CVE-2025-2857, also allowed sandbox escapes on Windows.

The Firefox flaw, tracked as CVE-2025-2857, allows attackers to escape the browser’s sandbox protections and gain broader system access. According to Mozilla, this issue affects only Firefox on ...