Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    SpaceX Targets 170 Orbital Launches in 2025, Aims to Set New Industry Benchmark

    May 31, 2025

    Microsoft Reportedly Pauses Xbox Handheld Plans to Refocus on Windows 11 for Portable Gaming

    May 31, 2025

    Perplexity Labs Launches, Automating Spreadsheets, Reports, and Web App Creation

    May 31, 2025
    Facebook X (Twitter) Instagram Pinterest
    EchoCraft AIEchoCraft AI
    • Home
    • AI
    • Apps
    • Smart Phone
    • Computers
    • Gadgets
    • Live Updates
    • About Us
      • About Us
      • Privacy Policy
      • Terms & Conditions
    • Contact Us
    EchoCraft AIEchoCraft AI
    Home»Apps»Mozilla Patches Actively Exploited Firefox Vulnerability, Similar to Chrome Bug
    Apps

    Mozilla Patches Actively Exploited Firefox Vulnerability, Similar to Chrome Bug

    EchoCraft AIBy EchoCraft AIMarch 28, 2025No Comments2 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Mozilla has released an emergency security update for Firefox on Windows after identifying a vulnerability (CVE-2025-2857) that was actively exploited.

    This flaw allowed attackers to bypass Firefox’s security protections, potentially putting users at risk. The update, which brings Firefox to version 136.0.4, follows Google’s recent patch for a similar issue in Chrome.

    Security Risk and Exploitation Details

    The vulnerability enabled attackers to escape Firefox’s sandbox, a critical security feature that isolates the browser from other applications and user data.

    If successfully exploited, this flaw could grant attackers deeper system access, increasing the risk of data breaches or malware execution. Mozilla has urged all users to update their browsers immediately to mitigate potential threats.

    Impact on Other Browsers

    Other browsers built on Firefox’s codebase, including the Tor Browser, were also affected. In response, the Tor Project has issued a security update, bringing its browser to version 14.0.7 to ensure privacy-focused users remain protected.

    Previous Zero-Day Exploit in Firefox

    Earlier this year, Mozilla addressed another critical zero-day vulnerability (CVE-2024-9680) in Firefox, which had a CVSS severity score of 9.8. This flaw allowed remote code execution without user interaction, posing a significant cybersecurity risk.

    • The Russia-aligned threat group RomCom exploited this vulnerability alongside a Windows Task Scheduler flaw (CVE-2024-49039) to bypass Firefox’s sandbox and execute arbitrary code.
    • The primary targets of these attacks were users in Europe and North America.
    • Mozilla released patches on October 9th, updating Firefox to version 131.0.2 and Firefox ESR to version 128.3.1 to address the issue.

    Ongoing Cybersecurity Threats

    Security researcher Boris Larin from Kaspersky, who initially discovered the Chrome zero-day vulnerability, confirmed that the root cause of the Chrome flaw also impacts Firefox.

    Kaspersky linked this vulnerability to cyberattacks on journalists, educational institutions, and government organizations in Russia, raising concerns about potential espionage and broader cybersecurity threats.

    Ensuring Browser Security

    While Mozilla has responded quickly to mitigate risks, the discovery of similar vulnerabilities in both Firefox and Chrome highlights the persistent challenges in browser security. Given the increasing sophistication of cyber threats, users are strongly encouraged to:

    • Keep their browsers updated to the latest versions.
    • Enable automatic security updates for real-time protection.
    • Remain vigilant against potential cyber threats targeting widely used applications.

    These measures are essential for maintaining security and reducing the risks posed by zero-day exploits and advanced persistent threat (APT) groups.

    browser Cyberattack Firefox Google chrome Mozilla Security
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleYouTube Tests New System to Reduce Notifications from Inactive Channels
    Next Article Google NotebookLM Adds Mind Maps and Language Selector for Smarter AI Assistance
    EchoCraft AI

    Related Posts

    Apps

    Opera Introduces Neon, An AI-First Browser for the Agentic Web

    May 28, 2025
    Apps

    WhatsApp Expands Voice Chat Feature to All Group Chats with End-to-End Encryption

    May 23, 2025
    Apps

    Signal’s Windows App Adds Screenshot Blocking to Address Privacy Concerns

    May 22, 2025
    Add A Comment
    Leave A Reply Cancel Reply

    Search
    Top Posts

    Samsung Galaxy S25 Rumours of A New Face in 2025

    March 19, 2024371 Views

    CapCut Ends Free Cloud Storage, Introduces Paid Plans Starting August 5

    July 12, 2024145 Views

    Windows 12 Revealed A new impressive Future Ahead

    February 29, 2024126 Views
    Categories
    • AI
    • Apps
    • Computers
    • Gadgets
    • Gaming
    • Innovations
    • Live Updates
    • Science
    • Smart Phone
    • Social Media
    • Tech News
    • Uncategorized
    Latest in AI
    AI

    Perplexity Labs Launches, Automating Spreadsheets, Reports, and Web App Creation

    EchoCraft AIMay 31, 2025
    AI

    Hugging Face Introduces Two Open-Source Humanoid Robots to Expand Access to Robotics

    EchoCraft AIMay 31, 2025
    AI

    Tencent Releases HunyuanPortrait: Open-Source AI Model for Animating Still Portraits

    EchoCraft AIMay 29, 2025
    AI

    DeepSeek Releases Updated R1 AI Model on Hugging Face Under MIT License

    EchoCraft AIMay 29, 2025
    AI

    OpenAI Explores “Sign in with ChatGPT” Feature to Broaden Ecosystem Integration

    EchoCraft AIMay 28, 2025

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Stay In Touch
    • Facebook
    • YouTube
    • Twitter
    • Instagram
    • Pinterest
    Tags
    2024 Adobe AI AI agents AI Model Amazon android Anthropic apple Apple Intelligence Apps ChatGPT Claude AI Copilot Elon Musk Galaxy S25 Gaming Gemini Generative Ai Google Google I/O 2025 Grok AI India Innovation Instagram IOS iphone Meta Meta AI Microsoft NVIDIA Open-Source AI OpenAI Open Ai PC Reasoning Model Samsung Smart phones Smartphones Social Media TikTok U.S whatsapp xAI Xiaomi
    Most Popular

    Samsung Galaxy S25 Rumours of A New Face in 2025

    March 19, 2024371 Views

    Apple A18 Pro Impressive Leap in Performance

    April 16, 202465 Views

    Google’s Tensor G4 Chipset: What to Expect?

    May 11, 202449 Views
    Our Picks

    Apple Previews Major Accessibility Upgrades, Explores Brain-Computer Interface Integration

    May 13, 2025

    Apple Advances Custom Chip Development for Smart Glasses, Macs, and AI Systems

    May 9, 2025

    Cloud Veterans Launch ConfigHub to Address Configuration Challenges

    March 26, 2025

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Contact Us
    • Privacy Policy
    • Terms & Conditions
    • About Us
    © 2025 EchoCraft AI. All Right Reserved

    Type above and press Enter to search. Press Esc to cancel.

    Manage Consent
    To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
    View preferences
    {title} {title} {title}