10

CVE-2025-2857

Medienbericht

Incorrect handle could lead to sandbox escapes

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. 
The original vulnerability was being exploited in the wild. 
*This only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox SwEdition- Version < 136.0.4
MozillaFirefox SwEditionesr Version < 115.21.1
MozillaFirefox SwEditionesr Version >= 128.1.0 < 128.8.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.89% 0.77
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 10 3.9 6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
https://issues.chromium.org/issues/405143032
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1956398
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2025-19/
Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2025-2783
Third Party Advisory