Mozilla Critical Advisory - 20250328001

Overview

Mozilla has released a critical-rated advisory relating to a security vulnerability in their Firefox products which could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.

What is vulnerable?

Product(s) Affected	Version(s)	CVE	CVSS	Severity
Firefox	versions prior to Firefox 136.0.4	CVE-2025-2857	10	Critical
Firefox ESR	versions prior to 115.21.1 versions prior to 128.8.1	CVE-2025-2857	10	Critical

What has been observed?

The WA SOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):

• Mozilla: https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/#CVE-2025-2857

Additional References

• Bleeping Comptuer: https://www.bleepingcomputer.com/news/security/mozilla-warns-windows-users-of-critical-firefox-sandbox-escape-flaw/

Change Log

• 2025-03-28: Intiial Publication
• 2025-03-31: Update of CVE details.