Mozilla Critical Advisory - 20250328001
Overview
Mozilla has released a critical-rated advisory relating to a security vulnerability in their Firefox products which could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.
What is vulnerable?
Product(s) Affected | Version(s) | CVE | CVSS | Severity
---|---|---|---|---
Firefox | versions prior to 136.0.4 | CVE-2025-2857 | 10 | Critical
Firefox ESR | versions prior to 115.21.1; versions prior to 128.8.1 | CVE-2025-2857 | 10 | Critical
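The table above lists three fixed builds across two ESR series and the release branch, so a naive "is the version below 136.0.4" check would misclassify a patched 128.8.1esr as vulnerable. The script below is an added example (not part of the WA SOC advisory or of Mozilla's tooling) that takes the fixed versions from the table and compares an inventory of Firefox version strings against the right build for each branch. The mapping of an ESR build to its fixed version by major version (115 to 115.21.1, 128 to 128.8.1), and the "hostname,version" inventory format, are assumptions made for illustration.

```python
"""Check Firefox version strings against the fixed builds in this advisory.

Added example, not part of the WA SOC advisory or of Mozilla's own tooling.
The fixed versions come from the advisory table for CVE-2025-2857; the
mapping of an ESR version to its fixed build by major version (115 -> 115.21.1,
128 -> 128.8.1) and the inventory line format are assumptions made here.
"""
from __future__ import annotations

# Fixed builds from the advisory table.
FIXED_VERSIONS: dict[str, tuple[int, int, int]] = {
    "release": (136, 0, 4),
    "esr115": (115, 21, 1),
    "esr128": (128, 8, 1),
}


def parse_version(version: str) -> tuple[tuple[int, int, int], bool]:
    """Split '128.8.0esr' or '136.0.2' into (numeric tuple, is_esr).

    Missing components are padded with zeros so '115.21' equals '115.21.0'.
    """
    text = version.strip().lower()
    is_esr = text.endswith("esr")
    if is_esr:
        text = text[:-3]
    parts = [int(p) for p in text.split(".") if p]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unrecognised Firefox version: {version!r}")
    parts += [0] * (3 - len(parts))
    return (parts[0], parts[1], parts[2]), is_esr


def branch_for(numeric: tuple[int, int, int], is_esr: bool) -> str | None:
    """Pick which fixed build applies; None for an ESR series the advisory does not list."""
    if not is_esr:
        return "release"
    # Assumption: ESR series are identified by major version only.
    return {115: "esr115", 128: "esr128"}.get(numeric[0])


def is_vulnerable(version: str) -> bool | None:
    """True if the build predates the fixed version for its branch.

    Returns None when the branch cannot be matched to the advisory (for example
    an out-of-support ESR series), so the caller can flag it for manual review
    instead of silently treating it as patched.
    """
    numeric, is_esr = parse_version(version)
    branch = branch_for(numeric, is_esr)
    if branch is None:
        return None
    return numeric < FIXED_VERSIONS[branch]


# Constructed inventory lines ("hostname,version"); not real data.
SAMPLE_INVENTORY = """\
ws-001,136.0.3
ws-002,136.0.4
ws-003,128.8.0esr
ws-004,128.8.1esr
ws-005,115.21.0esr
ws-006,115.21.1esr
ws-007,102.15.1esr
"""


def triage(inventory: str) -> dict[str, list[str]]:
    """Group hosts into patch / ok / review buckets from 'host,version' lines."""
    buckets: dict[str, list[str]] = {"patch": [], "ok": [], "review": []}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, version = (field.strip() for field in line.split(",", 1))
        state = is_vulnerable(version)
        key = "review" if state is None else ("patch" if state else "ok")
        buckets[key].append(host)
    return buckets


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts land in the "review" bucket rather than "ok" when their ESR series is not one the advisory lists, which is the safer default for an out-of-support build.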
What has been observed?
The WA SOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer to Patch Management).
Additional References
- Bleeping Computer: https://www.bleepingcomputer.com/news/security/mozilla-warns-windows-users-of-critical-firefox-sandbox-escape-flaw/
Change Log
- 2025-03-28: Initial Publication
- 2025-03-31: Update of CVE details.