![Apple Watch Series 10 Prototype with Mystery Sensor Surfaces [Images]](https://www.iclarified.com/images/news/96892/96892/96892-640.jpg)
![Get Up to 69% Off Anker and Eufy Products on Final Day of Amazon's Big Spring Sale [Deal]](https://www.iclarified.com/images/news/96888/96888/96888-640.jpg)
![Apple Officially Releases macOS Sequoia 15.4 [Download]](https://www.iclarified.com/images/news/96887/96887/96887-640.jpg)
![watchOS 11.4 was briefly available, and was pulled by Apple [u]](https://photos5.appleinsider.com/gallery/60061-123253-watchOS-11-on-Apple-Watch-Ultra-xl.jpg)
![[The AI Show Episode 142]: ChatGPT’s New Image Generator, Studio Ghibli Craze and Backlash, Gemini 2.5, OpenAI Academy, 4o Updates, Vibe Marketing & xAI Acquires X](https://www.marketingaiinstitute.com/hubfs/ep%20142%20cover.png)
![[The AI Show Episode 141]: Road to AGI (and Beyond) #1 — The AI Timeline is Accelerating](https://www.marketingaiinstitute.com/hubfs/ep%20141.1.png)
![[The AI Show Episode 140]: New AGI Warnings, OpenAI Suggests Government Policy, Sam Altman Teases Creative Writing Model, Claude Web Search & Apple’s AI Woes](https://www.marketingaiinstitute.com/hubfs/ep%20140%20cover.png)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![Is this a suitable approach to architect a flutter app? [closed]](https://i.sstatic.net/4hMHGb1L.png)
![From broke musician to working dev. How college drop-out Ryan Furrer taught himself to code [Podcast #166]](https://cdn.hashnode.com/res/hashnode/image/upload/v1743189826063/2080cde4-6fc0-46fb-b98d-b3d59841e8c4.png?#)
-1280x720.jpg?width=1920&height=1920&fit=bounds&quality=80&format=jpg&auto=webp#)
Mozilla Releases Urgent Patch for Windows Users Following Recently Exploited Chrome Zero-day
Mozilla has released an emergency security update for its Firefox browser on Windows systems to address a critical vulnerability that could allow attackers to escape browser sandboxes and potentially gain control of affected systems. The patch comes shortly after Google patched a similar zero-day vulnerability in Chrome that was being actively exploited in the wild. […] The post Mozilla Releases Urgent Patch for Windows Users Following Recently Exploited Chrome Zero-day appeared first on Cyber Security News.
Mozilla has released an emergency security update for its Firefox browser on Windows systems to address a critical vulnerability that could allow attackers to escape browser sandboxes and potentially gain control of affected systems.
The patch comes shortly after Google patched a similar zero-day vulnerability in Chrome that was being actively exploited in the wild.
According to the Mozilla Foundation Security advisory, the flaw involves an “incorrect handle” in Firefox’s IPC (Inter-Process Communication) code that could lead to sandbox escapes on Windows systems.
Mozilla researcher Andrew McCreight is credited with discovering the vulnerability after Firefox developers identified a pattern similar to the recently exploited Chrome vulnerability.
“Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code,” the advisory states.
“A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape”.
The vulnerability specifically affects Firefox running on Windows operating systems. Linux, macOS, and other operating systems are not vulnerable to this particular exploit.
Browser sandboxes are security mechanisms designed to contain potentially malicious code and prevent it from accessing sensitive system resources.
A sandbox escape vulnerability allows malicious code to break out of these restrictions, potentially giving attackers access to the underlying operating system.
The vulnerability involves Firefox’s IPC mechanism, which manages communication between different process components of the browser.
The flaw could allow a compromised child process to trick the parent process into returning a handle with elevated privileges, effectively bypassing the sandbox protection.
The summary of the vulnerability is given below:
| Risk Factors | Details |
| Affected Products | – Firefox versions prior to 136.0.4- Firefox ESR versions prior to 128.8.1- Firefox ESR versions prior to 115.21.1(Windows versions only) |
| Impact | Potential system compromise |
| Exploit Prerequisites | – Windows operating system- Unpatched version of Firefox- Attacker ability to compromise a child process |
| CVSS 3.1 Score | High |
Affected Versions and Patch Availability
Mozilla has released fixes for the vulnerability in the following browser versions:
- Firefox 136.0.4
- Firefox ESR (Extended Support Release) 128.8.1
- Firefox ESR 115.21.1
The vulnerability has been classified as “critical” due to its potential impact and the fact that attackers were actively exploiting a similar vulnerability in Chrome.
While Mozilla has not confirmed whether the Firefox vulnerability was exploited in the wild, the advisory notes that the “original vulnerability was being exploited in the wild,” likely referring to the Chrome zero-day.
Windows users running Firefox should immediately update their browsers to the patched versions.
Automatic updates are typically enabled by default, but users can manually check for updates by clicking the menu button, selecting “Help,” and then “About Firefox.” The browser will automatically check for and install any available updates.
This incident highlights browser vendors’ ongoing security challenges and the importance of rapid response to zero-day vulnerabilities, especially when similar flaws exist across different browsers.
Quickly identifying and patching this vulnerability demonstrates the value of cross-browser security research and collaboration within the cybersecurity community.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
The post Mozilla Releases Urgent Patch for Windows Users Following Recently Exploited Chrome Zero-day appeared first on Cyber Security News.
