Mozilla has released an update for Firefox to fix a vulnerability similar to one recently discovered in Google Chrome. The flaw allowed attackers to bypass the browser’s sandbox protection, potentially putting users at risk.
Earlier this week, Google issued an emergency update for Chrome on Windows to address a zero-day vulnerability that had been actively exploited. Security researchers at Kaspersky Lab uncovered the issue, which was used in a phishing campaign named “Forum Troll.” Attackers sent emails inviting recipients to a political event, and simply clicking the provided link was enough to trigger the exploit. This vulnerability, identified as CVE-2025-2783, enabled attackers to bypass Chrome’s sandbox security without requiring any further user interaction. Although technical details remain undisclosed, experts believe it could be used alongside another exploit to achieve remote code execution.
Mozilla Patches Similar Firefox Flaw
Following Google’s update, Mozilla developers examined Firefox’s sandbox mechanisms and identified a similar vulnerability, labeled CVE-2025-2857. The flaw also allowed attackers to escape the browser’s sandbox by disrupting the parent process so that it leaked descriptors to unprivileged child processes. Mozilla has since released a patch to resolve the issue.
Google credited Kaspersky Lab for reporting the Chrome vulnerability and explained that the issue stemmed from incorrect descriptor handling in Chromium’s Mojo framework. Since many browsers, including Microsoft Edge, Opera, and Brave, are built on Chromium, similar emergency updates for these browsers are likely to follow soon—if they haven’t already. Additionally, the developers of the Firefox-based Tor Browser have released an urgent update for its Windows version, notes NIXSolutions.
We’ll keep you updated as more security patches roll out for affected browsers.