- Kaspersky recently uncovered a zero-day vulnerability in Google Chrome
- Mozilla now says it has found a similar issue in Firefox
- The bug was used to target Russian targets in a cyber-espionage campaign
A worrying security flaw, similar to the Chrome zero-day issue recently spotted and patched by Google, has now been discovered, and remedied, in the Firefox browser.
In a security advisory published on March 27, 2025, Mozilla said after the discovery of the Chrome sandbox escape vulnerability, “various Firefox developers” found a similar pattern in the browser’s IPC code.
“A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape,” Mozilla explained. Escaping the sandbox is one of the browser’s “primary security defenses,” reports CyberInsider.
Patching the bug
A sandbox in a web browser is a security mechanism that isolates running web content (such as JavaScript, plugins, or iframes) from the rest of the system.
The goal is to prevent potentially malicious websites or scripts from accessing sensitive user data, modifying system files, or interfering with other applications.
By “escaping the sandbox”, cybercriminals could have malware run on the target computer through the browser.
A patch has been released, and Firefox users are advised to update their browsers to versions Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1 to mitigate the issue. Mozilla also added that the bug affects Firefox on Windows, and that other operating systems are unaffected.
It stressed that the Chrome bug was being exploited in the wild, suggesting that the Firefox one remained hidden.
Chrome’s original vulnerability is tracked as CVE-2025-2783, while the Firefox one is being tracked as CVE-2025-2857. No severity score has yet been assigned.
Nor Google, nor Mozilla, discussed the threat actors or the victims. However, researchers from Kaspersky (who originally found the bug) said that the flaw was used to target people in Russia.
The campaign involved phishing, redirecting victims to primakovreadings[dot]info. The entire campaign was dubbed Operation ForumTroll and apparently, the goal is to conduct cyber-espionage.
Leave a comment