Security Vulnerability Fixed in Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1

by hubie from SoylentNews on (#6W8MN)

upstart writes:

Security Vulnerability fixed in Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1:

CVE-2025-2857: Incorrect handle could lead to sandbox escapes

Description

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.
The original vulnerability was being exploited in the wild.
This only affects Firefox on Windows. Other operating systems are unaffected.
