- Kaspersky recently discovered zero-day vulnerability in Google Chrome
- Mozilla now says that she found a similar problem in Firefox
- The bug was used to target Russian targets in a cyber-spying campaign
A disturbing security defect, similar to the chrome problem zero recently spotted and corrected by Google, has now been discovered and corrected in the Firefox browser.
In a security notice published on March 27, 2025, Mozilla said that after the discovery of the vulnerability of escape from Chrome Sandbox, “various developers of Firefox” found a similar model in the IPC code of the browser.
“A compromised child’s process could lead the parent process to return an involuntarily powerful handle, leading to an escape from sandbox,” said Mozilla. To escape the sandbox is one of the “primary security defenses” of the navigator, reports Cyberinsider.
Patcher the bug
A sandbox in a web browser is a safety mechanism that isolates the execution of web content (such as JavaScript, plugins or Iframes) of the rest of the system.
The objective is to prevent websites or potentially malicious scripts from accessing sensitive user data, modify system files or interfere with other applications.
By “escaping the sandbox”, cybercriminals could operate malware on the target computer via the browser.
A corrective has been published and Firefox users are invited to update their browsers to the Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1 to mitigate the problem. Mozilla has also added that the bug affects Firefox on Windows and that other operating systems are not affected.
He stressed that the chrome bug was exploited in the wild, which suggests that the firefox has remained hidden.
The original vulnerability of Chrome is followed as CVE-2025-2783, while that of Firefox is followed under the name of CVE-2025-2857. No severity score has yet been awarded.
Neither Google nor Mozilla, discussed actors in the threat or victims. However, Kaspersky researchers (who initially found the bug) said that the flaw was used to target people in Russia.
The campaign involved phishing, redirect the victims to Primakovreadings[dot]Info. The whole campaign was nicknamed the Forumtroll operation and, apparently, the objective is to lead a cyber-spying.
