Mozilla

Mozilla released Firefox 136.0.4 to address a critical security vulnerability tracked as CVE-2025-2857, an error leading to sandbox escapes on Windows systems. This flaw, discovered by Mozilla developers, could potentially be similar to a Chrome zero-day exploited earlier. While the flaw was promptly patched in the stated Firefox versions, the lack of technical details provided by Mozilla implies the risk was significant. Previously, Firefox faced zero-days exploited in targeted cyber-espionage campaigns and by cybercrime groups, emphasizing the ongoing battle against sophisticated threats.

Source: https://www.bleepingcomputer.com/news/security/mozilla-warns-windows-users-of-critical-firefox-sandbox-escape-flaw/

TPRM report: https://scoringcyber.rankiteo.com/company/mozilla-corporation

"id": "moz627032725",
"linkid": "mozilla-corporation",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Mozilla',
                        'type': 'Software Company'}],
 'attack_vector': 'Sandbox escape on Windows systems',
 'description': 'Mozilla released Firefox 136.0.4 to address a critical '
                'security vulnerability tracked as CVE-2025-2857, an error '
                'leading to sandbox escapes on Windows systems. This flaw, '
                'discovered by Mozilla developers, could potentially be '
                'similar to a Chrome zero-day exploited earlier. While the '
                'flaw was promptly patched in the stated Firefox versions, the '
                'lack of technical details provided by Mozilla implies the '
                'risk was significant. Previously, Firefox faced zero-days '
                'exploited in targeted cyber-espionage campaigns and by '
                'cybercrime groups, emphasizing the ongoing battle against '
                'sophisticated threats.',
 'impact': {'systems_affected': 'Windows systems running Firefox'},
 'response': {'remediation_measures': 'Patch released (Firefox 136.0.4)'},
 'title': 'Mozilla Firefox Security Vulnerability CVE-2025-2857',
 'type': 'Zero-day Vulnerability',
 'vulnerability_exploited': 'CVE-2025-2857'}