Google and Mozilla Rush to Patch Critical Browser Vulnerability

A critical security vulnerability, initially discovered in Google Chrome, has now been found to affect Mozilla Firefox as well. The flaw, tracked as CVE-2025-2783, prompted Google to release an emergency patch for Windows users earlier this week. In response, Mozilla also rolled out fixes for Firefox, despite its browser using a different engine than Chrome.
Unexpected Vulnerability Expands to Firefox
The security issue came as a surprise since Google attributed the vulnerability to a logic flaw in “unspecified circumstances in Mojo,” a programming language used in Windows. However, Mozilla’s security team found that the same exploit pattern could be observed within Firefox’s interprocess communications (IPC) code.
Mozilla stated in a blog post, “Following the sandbox escape in CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code.” IPC is a mechanism that facilitates data exchange between applications in Windows. This discovery indicates that the vulnerability stems from Windows’ internal processes rather than the Mojo programming language itself.
The vulnerability enables attackers to break out of the browser’s security sandbox, a critical protection layer designed to isolate malicious processes. Mozilla further explained, “Attackers were able to confuse the parent process into leaking handles into unprivileged child processes, leading to a sandbox escape.”
Emergency Fixes Released for Users
The flaw primarily impacts Firefox users on Windows. Mozilla responded swiftly by issuing security patches for affected versions, including Firefox 136.0.4, Firefox ESR 115.21.1, and Firefox ESR 128.8.1. Meanwhile, other Chromium-based browsers such as Microsoft Edge and Brave have also deployed patches to mitigate the risk.
Security researchers at Kaspersky reported that the vulnerability was actively exploited in a sophisticated cyber-espionage campaign named “Operation ForumTroll.” This campaign targeted Russian government agencies, journalists, and educational institutions through phishing emails that invited recipients to a political summit called “Primakov Readings.” When victims clicked the malicious links, attackers leveraged the vulnerability to execute spyware and gain unauthorized access to sensitive data.
Kaspersky’s security team noted, “The vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist.”
Ongoing Investigation and Cybersecurity Concerns
The attackers’ ability to exploit this flaw for espionage raises concerns over the increasing sophistication of cyber threats. Kaspersky has confirmed that they were only able to recover the second stage of the attack, while the initial execution method remains unknown. However, the Chrome patch is expected to neutralize the entire attack chain.
This incident underscores the growing market for zero-day exploits, which can be sold for millions of dollars. Given the widespread impact, both Google and Mozilla continue to investigate the full scope of the vulnerability and work on strengthening their browser security measures.
Users are strongly advised to update their browsers immediately to protect their systems from potential cyberattacks.
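For administrators who need to confirm the update across many machines, the sketch below checks an inventory of Firefox versions against the three fixed releases listed above. It is an added example, not code from Mozilla, Google or Kaspersky; the inventory format, the host names and the "esr" suffix convention are assumptions.

```python
import re

# Fixed versions named in the article, keyed by branch.
FIXED = {"release": (136, 0, 4), "esr115": (115, 21, 1), "esr128": (128, 8, 1)}

# Assumption: ESR builds are inventoried with an "esr" suffix, e.g. "128.8.1esr".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(esr)?$")

def parse_version(text):
    """Return ((major, minor, patch), is_esr) or raise ValueError."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    major, minor, patch, esr = m.groups()
    return (int(major), int(minor), int(patch or 0)), esr is not None

def status(version_text):
    """Classify a version string as 'patched', 'needs-update' or 'unknown'."""
    try:
        version, is_esr = parse_version(version_text)
    except ValueError:
        return "unknown"  # betas, nightlies, malformed entries: review by hand
    if is_esr:
        fixed = FIXED.get(f"esr{version[0]}")
        if fixed is None:
            return "unknown"  # ESR branch with no fixed version in the article
    else:
        fixed = FIXED["release"]
    return "patched" if version >= fixed else "needs-update"

def audit(inventory):
    """Map host -> status, Windows hosts only (the platform the article names)."""
    return {host: status(ver) for host, os_name, ver in inventory
            if os_name.lower() == "windows"}

# Constructed sample inventory: (host, operating system, Firefox version).
SAMPLE = [
    ("ws-01", "Windows", "136.0.4"),
    ("ws-02", "Windows", "136.0.3"),
    ("ws-03", "Windows", "128.8.1esr"),
    ("ws-04", "Windows", "115.21.0esr"),
    ("ws-05", "Linux", "135.0"),
    ("ws-06", "Windows", "137.0b3"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {result}")
```

Entries reported as "unknown" (pre-release builds, or ESR branches for which the article lists no fixed version) need a manual check rather than an automatic pass.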