Mozilla released Firefox 136.0.4 to address a critical security vulnerability tracked as CVE-2025-2857, an error leading to sandbox escapes on Windows systems. This flaw, discovered by Mozilla developers, could potentially be similar to a Chrome zero-day exploited earlier. While the flaw was promptly patched in the stated Firefox versions, the lack of technical details provided by Mozilla implies the risk was significant. Previously, Firefox faced zero-days exploited in targeted cyber-espionage campaigns and by cybercrime groups, emphasizing the ongoing battle against sophisticated threats.
TPRM report: https://scoringcyber.rankiteo.com/company/mozilla-corporation
{
  "id": "moz627032725",
  "linkid": "mozilla-corporation",
  "type": "Vulnerability",
  "date": "3/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Mozilla',
                        'type': 'Software Company'}],
 'attack_vector': 'Sandbox escape on Windows systems',
 'description': 'Mozilla released Firefox 136.0.4 to address a critical '
                'security vulnerability tracked as CVE-2025-2857, an error '
                'leading to sandbox escapes on Windows systems. This flaw, '
                'discovered by Mozilla developers, could potentially be '
                'similar to a Chrome zero-day exploited earlier. While the '
                'flaw was promptly patched in the stated Firefox versions, the '
                'lack of technical details provided by Mozilla implies the '
                'risk was significant. Previously, Firefox faced zero-days '
                'exploited in targeted cyber-espionage campaigns and by '
                'cybercrime groups, emphasizing the ongoing battle against '
                'sophisticated threats.',
 'impact': {'systems_affected': 'Windows systems running Firefox'},
 'response': {'remediation_measures': 'Patch released (Firefox 136.0.4)'},
 'title': 'Mozilla Firefox Security Vulnerability CVE-2025-2857',
 'type': 'Zero-day Vulnerability',
 'vulnerability_exploited': 'CVE-2025-2857'}