CVE-2025-2857
Scores
EPSS
Percentile: 0.1%
Description
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.
The original vulnerability was being exploited in the wild.
This only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1.
Sources
CWEs
Related Vulnerabilities
Vulnerable Software (4)
Type: Configuration
Operating System:
{ "children": [ { "cpe_match": [ { "cpe23uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding": "136.0.4" } ], "negate": false, "operator": "OR" }, { "cpe_match": [ { "cpe23uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*" } ], "negate": false, "operator": "OR" } ], "operator": "AND"}
Source: anchore_overrides
Type: Configuration
Operating System:
{ "children": [ { "cpe_match": [ { "cpe23uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "versionEndExcluding": "128.8.1", "versionStartIncluding": "1.116" }, { "cpe23uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "versionEndExcluding": "115.21.1" } ], "negate": false, "operator": "OR" }, { "cpe_match": [ { "cpe23uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*" } ], "negate": false, "operator": "OR" } ], "operator": "AND"}
Source: anchore_overrides
Type: Configuration
Product: firefox
Operating System: debian
{ "unaffected": true}
Source: debian
Type: Configuration
Product: firefox-esr
Operating System: debian
{ "unaffected": true}
Source: debian