CVE-2025-2857

27.03.2025, 14:15

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. 
The original vulnerability was being exploited in the wild. 
*This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
mozilla	CNA	---				---
CISA-ADP	ADP	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 21%

Vendor	Product	Version
mozilla	firefox	𝑥 < 136.0.4
mozilla	firefox	𝑥 < 115.21.1
mozilla	firefox	128.1.0 ≤ 𝑥 < 128.8.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

firefox

sid	145.0.1-1 fixed

firefox-esr

bullseye	115.14.0esr-1~deb11u1 fixed
bullseye (security)	140.5.0esr-1~deb11u1 fixed
bookworm	128.14.0esr-1~deb12u1 fixed
bookworm (security)	140.5.0esr-1~deb12u1 fixed
trixie	140.4.0esr-1~deb13u1 fixed
trixie (security)	140.5.0esr-1~deb13u1 fixed
forky	140.5.0esr-1 fixed
sid	140.5.0esr-1 fixed

Common Weakness Enumeration

CWE-668 - Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1956398

https://issues.chromium.org/issues/405143032

https://www.cve.org/CVERecord?id=CVE-2025-2783

https://www.mozilla.org/security/advisories/mfsa2025-19/