Mozilla patched a Firefox browser vulnerability that was discovered after a similar Google Chrome flaw was found to be actively exploited in potential espionage campaigns.

The critical flaw, tracked as CVE-2025-2857, could enable an attacker to escape the Firefox browser’s sandbox protection on Windows machines due to an error in the browser’s inter-process communication (IPC) code, Mozilla said in an advisory Thursday.

This error could allow a compromised child process to cause the browser’s parent process to return an “unintentionally powerful handle,” affecting the way the browser interacts with Windows system resources and ultimately leading to sandbox escape.

The IPC error follows a similar pattern to the Chrome zero-day tracked as CVE-2025-2783, according to Mozilla developer Andrew McCreight, who reported the Firefox flaw. The error in Chrome’s Mojo IPC also causes an incorrect handle to be provided, allowing a remote attacker to use a malicious file to escape the sandbox, according to Google.

The Chrome flaw was reported by Kaspersky researchers Boris Larin and Igor Kuznetsov, who found that the previously undiscovered flaw was being used in a sophisticated cyberattack campaign they dubbed “Operation ForumTroll.”

The zero-day attacks on Chrome flaw CVE-2025-2783 were described by Larin and Kuznetsov in a report published Tuesday. Attacks commenced with phishing emails inviting targets, who were members of Russian media outlets, educational institutions and government organizations, to the Primakov Readings international forum.

Two links included in the phishing emails redirected to attacker-controlled websites that utilized the Chrome exploit to install a “previously unknown and highly sophisticated malware” without further user interaction.

While further details about the exploit and malware were not provided, the researchers noted the goal of the campaign appeared to be cyberespionage.

The “Primakov Readings” phishing links are no longer active and currently redirect to the legitimate Primakov Readings website, according to Kaspersky, but could be reactivated by the threat actors at any time, the researchers warned.

Google patched the Chrome flaw on Tuesday, March 25, 202 with stable channel update 134.0.6998.177/.178. The zero-day was added to the Known Exploited Vulnerabilities (KEV) Catalog by the U.S. Cybersecurity & Infrastructure Security Agency (CISA) on Thursday.

The similar Firefox flaw, which is not reported to have been exploited in the wild, was fixed in versions Firefox 136.0.4, Firefox Extended Support Release (ESR) 115.21.1 and Firefox ESR 128.8.1 announced Thursday.
