VYPR
Critical severity10.0NVD Advisory· Published Mar 27, 2025· Updated Apr 13, 2026

CVE-2025-2857

CVE-2025-2857

Description

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.