CVE-2025-2857
Scores
EPSS
Percentile: 0.1%
Description
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.
The original vulnerability was being exploited in the wild.
This only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1.
Vulnerable Software (4)
Type: Configuration
Operating System:
{
  "children": [
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "136.0.4"
        }
      ],
      "negate": false,
      "operator": "OR"
    },
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*"
        }
      ],
      "negate": false,
      "operator": "OR"
    }
  ],
  "operator": "AND"
}
Source: anchore_overrides
Type: Configuration
Operating System:
{
  "children": [
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "128.8.1",
          "versionStartIncluding": "1.116"
        },
        {
          "cpe23uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "115.21.1"
        }
      ],
      "negate": false,
      "operator": "OR"
    },
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*"
        }
      ],
      "negate": false,
      "operator": "OR"
    }
  ],
  "operator": "AND"
}
Source: anchore_overrides
Type: Configuration
Product: firefox
Operating System: debian
{
"unaffected": true
}
Source: debian
Type: Configuration
Product: firefox-esr
Operating System: debian
{
"unaffected": true
}
Source: debian