Security Vulnerability Fixed in Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1

Accepted submission by upstart at 2025-03-28 08:09:52
News

Security Vulnerability fixed in Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1 [mozilla.org]:

CVE-2025-2857: Incorrect handle could lead to sandbox escapes

Description

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.
The original vulnerability was being exploited in the wild.
This only affects Firefox on Windows. Other operating systems are unaffected.

from the why-are-you-still-using-windows? dept.
