Mozilla Critical Advisory - 20250328001

Overview

Mozilla has released a critical-rated advisory for a security vulnerability in its Firefox products that could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.

What is vulnerable?

| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
| --- | --- | --- | --- | --- |
| Firefox | versions prior to Firefox 136.0.4 | CVE-2025-2857 | 10 | Critical |
| Firefox ESR | versions prior to 115.21.1; versions prior to 128.8.1 | CVE-2025-2857 | 10 | Critical |
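
The following is an added example, not part of the original advisory or any Mozilla tooling: a branch-aware check of reported Firefox versions against the fixed versions listed above. It assumes ESR builds report an "esr" suffix (for example "128.8.0esr"); the host names and inventory strings are constructed.

```python
import re

# Fixed versions from the advisory table above.
RELEASE_FIXED = (136, 0, 4)
ESR_FIXED = {115: (115, 21, 1), 128: (128, 8, 1)}  # keyed by ESR branch (major)

_VERSION = re.compile(r"(?<![\d.])(\d+)\.(\d+)(?:\.(\d+))?(esr)?\s*$", re.IGNORECASE)


def parse_version(text):
    """Parse '136.0.3' or 'Mozilla Firefox 128.8.0esr' into ((maj, min, patch), is_esr)."""
    match = _VERSION.search(text.strip())
    if not match:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    major, minor, patch, esr = match.groups()
    return (int(major), int(minor), int(patch or 0)), esr is not None


def is_vulnerable(text):
    """True if the version is earlier than the fix for its channel and branch."""
    version, is_esr = parse_version(text)
    if not is_esr:
        return version < RELEASE_FIXED
    fixed = ESR_FIXED.get(version[0])
    if fixed is None:
        # Assumption: an ESR branch not listed in the advisory is treated as
        # affected when it is older than the newest fixed ESR build.
        fixed = max(ESR_FIXED.values())
    return version < fixed


def triage(inventory):
    """Map each host to 'vulnerable', 'patched' or 'unknown' (unparseable version)."""
    result = {}
    for host, reported in inventory.items():
        try:
            result[host] = "vulnerable" if is_vulnerable(reported) else "patched"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory (hypothetical host names and version strings).
SAMPLE_INVENTORY = {
    "ws-001": "Mozilla Firefox 136.0.3",
    "ws-002": "136.0.4",
    "ws-003": "115.22.0esr",  # newer than 115.21.1, although numerically below 128.8.1
    "ws-004": "128.8.0esr",
    "ws-005": "137.0b5",      # beta string, not parsed: review by hand
}
```

Comparing an ESR build only against its own branch avoids flagging a patched 115.x install because it is numerically lower than 128.8.1.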

What has been observed?

The WA SOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):

Additional References

Change Log

  • 2025-03-28: Initial Publication
  • 2025-03-31: Update of CVE details.