Mozilla has mounted a safety bug in its Firefox for Windows browser that was “being exploited within the wild.”
In a short replace, Mozilla mentioned it up to date the browser to Firefox model 136.0.4 after figuring out and fixing the brand new bug, tracked as CVE-2025-2857, which presents a “related sample” to a bug that Google patched in its Chrome browser earlier this week.
Anyone exploiting the bug may escape Firefox’s sandbox, which limits the browser’s entry to different apps and information on the consumer’s pc.
The bug additionally impacts different browsers with the identical codebase as Firefox for Windows, such because the Tor Browser, which additionally acquired a patch updating the browser to 14.0.7.
Kaspersky researcher Boris Larin, who first found the Chrome zero-day, confirmed in a publish that the foundation reason behind the Chrome bug additionally impacts Firefox. Kaspersky beforehand linked the usage of the exploits to assaults on journalists, workers of academic establishments, and authorities organizations in Russia.
