- Kaspersky recently discovered a zero-day vulnerability in Google Chrome
- Mozilla now says it has found a similar problem in Firefox
- The bug was used to attack Russian targets in a cyber-espionage campaign
A worrying security flaw, similar to the Chrome zero-day recently seen and patched by Google, has now been discovered and remedied in the Firefox browser.
In a security advisory published on March 27, 2025, Mozilla said that after the discovery of the Chrome sandbox escape vulnerability, “several Firefox developers” found a similar pattern in the browser's IPC code.
“A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape,” Mozilla explained. The sandbox is one of the browser's “main security defenses”, CyberInsider reports.
Patching the flaw
A sandbox in a web browser is a security mechanism that isolates the execution of web content (such as JavaScript, plugins or iframes) from the rest of the system.
The objective is to prevent potentially malicious websites or scripts from accessing the user’s confidential data, modifying system files or interfering with other applications.
By “escaping the sandbox”, cybercriminals could have malware executed on the target computer through the browser.
A patch has been released, and Firefox users are advised to update their browsers to Firefox 136.0.4, Firefox ESR 128.8.1 or Firefox ESR 115.21.1 to mitigate the problem. Mozilla also added that the bug affects Firefox on Windows, and that other operating systems are not affected.
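The fixed builds sit on three separate branches, so a single "version is at least X" comparison misclassifies ESR installs. The following is an added example, not Mozilla's code, that checks an inventory branch by branch; the host names and inventory rows are constructed, and treating branches newer than 136 as fixed is an assumption.

```python
import re

# Fixed builds named in the article, keyed by major version (branch).
FIXED = {115: (115, 21, 1), 128: (128, 8, 1), 136: (136, 0, 4)}

def parse_version(text):
    """'128.8.1esr' -> (128, 8, 1); missing components count as 0."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def status(os_name, version_text):
    """Classify one install as 'not-affected', 'patched' or 'update'."""
    if not os_name.lower().startswith("windows"):
        return "not-affected"  # article: only Firefox on Windows is affected
    version = parse_version(version_text)
    major = version[0]
    if major in FIXED:
        # Same branch as a fixed build: compare within that branch only.
        return "patched" if version >= FIXED[major] else "update"
    # Assumption: branches newer than every fixed build carry the fix.
    # Any other branch has no fixed build listed, so it must be updated.
    return "patched" if major > max(FIXED) else "update"

# Constructed sample inventory: (host, operating system, Firefox version).
INVENTORY = [
    ("ws-01", "Windows 11", "136.0.4"),
    ("ws-02", "Windows 10", "136.0.3"),
    ("ws-03", "Windows 10", "128.8.1esr"),
    ("ws-04", "Windows 10", "128.8.0esr"),
    ("ws-05", "Windows Server 2019", "115.21.1esr"),
    ("ws-06", "Windows 10", "135.0"),
    ("mac-01", "macOS 14", "135.0"),
]

def hosts_to_update(inventory):
    """Return the hosts whose Firefox build still needs the fix."""
    return [h for h, os_name, v in inventory if status(os_name, v) == "update"]

if __name__ == "__main__":
    for host, os_name, ver in INVENTORY:
        print(f"{host:7} {os_name:20} {ver:12} {status(os_name, ver)}")
```
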
Mozilla stressed that the Chrome bug was being exploited in the wild, which suggests that the Firefox one remained hidden.
Chrome’s original vulnerability is tracked as CVE-2025-2783, while the Firefox one is being tracked as CVE-2025-2857. A severity score has not yet been assigned.
Neither Google nor Mozilla discussed threat actors or victims. However, Kaspersky’s researchers (who originally found the bug) said the flaw was used to attack people in Russia.
The campaign involved phishing, redirecting the victims to Primakovreadings[dot]information. The entire campaign was called Operation ForumTroll and, apparently, the objective is to carry out cyber-espionage.