Firefox Hit by Critical Security Flaw Echoing Chrome Zero-Day Used in Russian Cyberattacks
Mozilla has issued an urgent security fix for Firefox after discovering that a critical vulnerability—similar to a recently exploited Chrome zero-day—also exists in its browser code. This new Firefox flaw, now tracked as CVE-2025-2857, poses a serious threat to users, particularly on Windows systems.
Table of Contents
Flaw Mirrors Chrome Zero-Day Used in Targeted Attacks
The revelation comes just days after Google patched CVE-2025-2783, a severe Chrome vulnerability that had been actively exploited in the wild. The flaw, discovered and reported by cybersecurity firm Kaspersky, was part of a targeted campaign aimed at Russian media, educational institutions and government agencies. Attackers were able to escape Chrome’s sandbox protections, a key security feature designed to isolate processes and prevent full system compromise.
According to Kaspersky, the exploit had likely been in use since mid-March 2025, and was leveraged alongside another, unidentified vulnerability to execute remote code. The attack campaign, dubbed Operation ForumTroll, used fake invitations to a scientific forum as phishing bait—a classic social engineering trick that proved effective against high-value targets.
Mozilla Responds with Firefox Patch
In response to Chrome’s vulnerability disclosure, Mozilla developers conducted their own investigation and found that a similar issue existed in Firefox’s Inter-Process Communication (IPC) code. The Firefox bug also involves incorrect handle management, which could allow a compromised child process to trick the parent process into returning a more powerful handle than intended. This opens the door to a potential sandbox escape—a severe security lapse that could let attackers escalate their privileges or compromise additional system components.
Mozilla confirmed that this vulnerability only affects Firefox on Windows platforms. The issue has been resolved in the following Firefox updates:
- Firefox 136.0.4
- Firefox ESR 128.8.1
- Firefox ESR 115.21.1
The Tor Browser, which is based on Firefox, has also been updated to address the flaw.
No Firefox Exploits Confirmed—Yet
While Google confirmed that the Chrome vulnerability was actively exploited in cyberattacks, Mozilla has not yet seen evidence that the Firefox variant has been used in the wild. Still, the company moved swiftly to patch the issue, recognizing the potential for abuse—especially given the high-profile nature of the threat actors involved in Operation ForumTroll.
Broader Implications Across Browsers
The Chrome vulnerability has since been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, a list reserved for the most dangerous flaws confirmed to be used in real-world attacks. CISA also warned that other Chromium-based browsers—including Microsoft Edge and Opera—could be affected by similar flaws. Microsoft has already issued its own advisory in response.
Although Firefox is less frequently targeted than Chrome, it is not immune. Over the past decade, attackers have exploited more than a dozen significant vulnerabilities in the browser. In late November 2024, for example, cybersecurity firm ESET revealed that a Russian APT group had chained zero-days in both Firefox and Windows to deploy a stealthy backdoor.
What Firefox Users Should Do
If you’re using Firefox on Windows, you should update your browser immediately to one of the patched versions listed above. Users of the Tor Browser should also ensure they are running the latest version. Although no active Firefox attacks have been confirmed, the risk posed by CVE-2025-2857 is serious enough to warrant urgent action.
As this incident shows, zero-day vulnerabilities can cross browser boundaries, and attackers are quick to adapt their methods. Staying ahead means keeping your software updated and remaining cautious about clicking on suspicious links—no matter how legitimate they appear.