Mozilla has confirmed that Firefox is vulnerable to a serious security flaw closely mirroring a recent zero-day exploit in Google Chrome. The revelation follows Google’s disclosure of CVE-2025-2783, a sandbox escape vulnerability used in targeted attacks against Russian organizations.
Chrome Zero-Day Used in Russian Targeted Campaigns
Earlier this week, Google released a security update for Chrome addressing CVE-2025-2783, which was discovered by cybersecurity firm Kaspersky. According to the firm, the exploit has been active since at least mid-March and was used in a state-linked cyber campaign known as Operation ForumTroll. The attackers sent fake invitations to a scientific forum to lure victims from media, education, and government sectors in Russia.
The Chrome vulnerability allowed threat actors to break out of the browser’s sandbox. It was part of a larger exploit chain, including an unidentified second flaw, that enabled remote code execution.
Firefox Vulnerability Shares Similar Exploit Path
After analyzing the Chrome bug, Firefox developers discovered a similar vulnerability in their browser’s inter-process communication (IPC) code. The issue, now tracked as CVE-2025-2857, stems from incorrect handle management. In simple terms, a compromised child process could trick the parent process into granting elevated access—effectively enabling a sandbox escape.
This critical flaw only affects Firefox for Windows, and Mozilla has already released patches through versions 136.0.4, 128.8.1 ESR, and 115.21.1 ESR to resolve the issue.
While Mozilla acknowledged the exploit’s similarity to the Chrome flaw, the company did not report any confirmed attacks targeting Firefox users. However, the urgency of the patch suggests that proactive mitigation is crucial.
CISA Flags Chrome Bug as Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Chrome’s CVE-2025-2783 to its Known Exploited Vulnerabilities (KEV) catalog. It also warned that other Chromium-based browsers, including Microsoft Edge and Opera, might be affected. So far, Microsoft hasn’t issued any public advisories addressing the vulnerability in Edge.
While Chrome often finds itself in the crosshairs of attackers, Firefox vulnerabilities have occasionally been exploited in the wild. One notable example occurred in November 2024, when ESET revealed that a Russian APT group had combined zero-days in Firefox and Windows to install a stealthy backdoor.
Despite the lower frequency of Firefox-targeted exploits, this recent vulnerability highlights the need for users and organizations to stay current with browser updates.
