
Mozilla has released an emergency security update for Firefox, addressing a critical vulnerability reminiscent of one previously exploited in attacks targeting Russian organizations via the Chrome browser. The issue, designated CVE-2025-2857, affects only the Windows version of Firefox and enables attackers to bypass the browser’s sandbox protections, thereby gaining broader access to the system. According to Mozilla, there is no evidence thus far of this flaw being actively exploited in the wild.
Firefox engineers discovered the vulnerability shortly after Google disclosed that an unknown threat actor had abused a similar flaw in Chrome—CVE-2025-2783—to escape the browser’s sandbox. A detailed report by a Russian cybersecurity firm revealed that the exploit was used in an espionage campaign against media and educational institutions in Russia. Researchers described the vulnerability as one of the most intriguing in recent memory, noting that the attackers bypassed Chrome’s defenses with surgical precision, as though the safeguards were nonexistent.
The sandboxing mechanism plays a pivotal role in browser security, isolating potentially dangerous code from the broader system. In this instance, however, it proved ineffective. The sophistication of the attack and the advanced tools employed suggest a nation-state actor may be behind the campaign, though no definitive attribution has been made.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has already added CVE-2025-2783 to its official catalog of known exploited vulnerabilities, emphasizing that such flaws frequently serve as entry points into critical systems and pose significant risks to federal infrastructure.
This incident is not isolated. In October, Mozilla addressed another critical bug—CVE-2024-9680—which allowed remote code execution within the content process of the browser, requiring no user interaction and minimal effort on the attacker’s part.