Sandbox Escape Vulnerability in Firefox for Windows
CVE-2025-2857
Key Information:
- Vendor: Mozilla
- Status: Vendor
- CVE Published: 27 March 2025
What is CVE-2025-2857?
CVE-2025-2857 is a serious vulnerability identified in the Firefox web browser specifically for Windows operating systems. This flaw pertains to a sandbox escape, where a compromised child process could unintentionally provide the parent process with elevated privileges, allowing attackers to perform unauthorized actions within the system. Given that Firefox is widely used for safe web browsing, this vulnerability poses a significant risk to organizations relying on the browser for daily operations and secure internet access.
Technical Details
This vulnerability involves a defect in the inter-process communication (IPC) code used by Firefox. When successfully exploited, the flaw lets the browser's intended security model be bypassed, giving attackers a powerful handle on the parent process. The vulnerability affects specific versions of Firefox (those below 136.0.4, as well as certain Extended Support Release (ESR) versions), so it is critical for users to apply the latest security patches provided by Mozilla.
Potential impact of CVE-2025-2857
- Unauthorized System Access: The vulnerability may allow attackers to execute code in the context of the parent process, paving the way for potential full system access and unwanted control over the user’s environment.
- Data Leakage: Exploitation of this vulnerability could lead to unauthorized access to sensitive information managed by the browser, including passwords, personal data, and corporate credentials, significantly compromising user privacy and organizational security.
- Increased Malware Risks: By facilitating a sandbox escape, the vulnerability could serve as an entry point for further malicious activities, including the installation of ransomware or other forms of malware, thereby jeopardizing the integrity and reliability of affected systems.
Affected Version(s)
- Firefox < 136.0.4
- Firefox ESR < 128.8.1
- Firefox ESR < 115.21.1
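As an added example (not code from this page or from Mozilla), the check below classifies an inventory of Firefox version strings against the three fixed versions listed above, so a defender can flag builds that still need the patch. Treating major versions 115 and 128 as the ESR branches is this example's own assumption.

```python
"""Check Firefox version strings against the fixed versions for CVE-2025-2857.

Fixed versions as listed on this page: Firefox 136.0.4, ESR 128.8.1, ESR 115.21.1.
Treating major versions 115 and 128 as the ESR branches is an assumption of this
example, not something the advisory text states.
"""
import re
from typing import Tuple

FIXED_VERSIONS = {
    "esr115": (115, 21, 1),
    "esr128": (128, 8, 1),
    "release": (136, 0, 4),
}

# Accepts '136.0.4', '128.8' or '115.21.1esr'; an 'esr' suffix is tolerated and dropped.
_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:esr)?$")

def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn a Firefox version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(version.strip().lower())
    if m is None:
        raise ValueError(f"unrecognised Firefox version string: {version!r}")
    major, minor, patch = (int(x) if x is not None else 0 for x in m.groups())
    return major, minor, patch

def branch_for(version: Tuple[int, int, int]) -> str:
    """Pick the advisory branch; assumes 115.x and 128.x builds are ESR."""
    if version[0] == 115:
        return "esr115"
    if version[0] == 128:
        return "esr128"
    return "release"

def is_vulnerable(version: str) -> bool:
    """True when the build predates the fixed version on its branch."""
    parsed = parse_version(version)
    return parsed < FIXED_VERSIONS[branch_for(parsed)]

def triage(versions):
    """Map each inventory entry to 'patch required' or 'fixed'."""
    return {v: ("patch required" if is_vulnerable(v) else "fixed") for v in versions}

if __name__ == "__main__":
    # Constructed sample inventory for demonstration, not real hosts.
    for version, verdict in triage(["136.0.3", "128.8.1esr", "115.21.0esr"]).items():
        print(f"{version:>12}: {verdict}")
```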
News Articles
- Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) - Help Net Security: There's currently no indication that the Firefox sandbox escape vulnerability (CVE-2025-2857) is under active exploitation. (6 days ago)
- Mozilla fixed critical Firefox vulnerability CVE-2025-2857: Mozilla addressed a critical vulnerability, tracked as CVE-2025-2857, impacting its Firefox browser for Windows. (6 days ago)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability: Mozilla patched CVE-2025-2857 in Firefox after Chrome’s exploited zero-day revealed similar IPC flaws. (6 days ago)
Timeline
- 🥇 Vulnerability reached the number 1 worldwide trending spot
- 📈 Vulnerability started trending
- 👾 Exploit known to exist
- 📰 First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability reserved