{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2857", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-03-27T10:54:42.071Z", "datePublished": "2025-03-27T13:27:57.377Z", "dateUpdated": "2026-04-13T14:30:19.981Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "115.21.1", "lessThanOrEqual": "115.*", "versionType": "rpm"}, {"status": "unaffected", "version": "128.8.1", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "136.0.4", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. \nThe original vulnerability was being exploited in the wild. \n*This only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. <br>The original vulnerability was being exploited in the wild. <br>*This only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1."}]}], "title": "Incorrect handle could lead to sandbox escapes", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1956398"}, {"url": "https://issues.chromium.org/issues/405143032", "name": "CVE-2025-2783"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-2783", "name": "CVE-2025-2783"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-19/"}], "credits": [{"lang": "en", "value": "Andrew McCreight"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:19.981Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-668", "lang": "en", "description": "CWE-668 Exposure of Resource to Wrong Sphere"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-28T15:23:40.271763Z", "id": "CVE-2025-2857", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-31T13:23:45.890Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-2857", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-28T15:23:40.271763Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-668", "description": "CWE-668 Exposure of Resource to Wrong Sphere"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T15:25:30.861Z"}}], "cna": {"title": "Incorrect handle could lead to sandbox escapes", "credits": [{"lang": "en", "value": "Andrew McCreight"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "115.21.1", "versionType": "rpm", "lessThanOrEqual": "115.*"}, {"status": "unaffected", "version": "128.8.1", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "136.0.4", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1956398"}, {"url": "https://issues.chromium.org/issues/405143032", "name": "CVE-2025-2783"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-2783", "name": "CVE-2025-2783"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-19/"}], "descriptions": [{"lang": "en", "value": "Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. \nThe original vulnerability was being exploited in the wild. \n*This only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1.", "supportingMedia": [{"type": "text/html", "value": "Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. <br>The original vulnerability was being exploited in the wild. <br>*This only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:19.981Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2857", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:30:19.981Z", "dateReserved": "2025-03-27T10:54:42.071Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-03-27T13:27:57.377Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "8D63728B-F6A1-4AE4-8E2A-06279158154D", "versionEndExcluding": "136.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "49918C23-8656-4D5F-B626-1B7ED8E45F8F", "versionEndExcluding": "115.21.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "D508F954-1ED2-4185-96B1-571172C5897D", "versionEndExcluding": "128.8.1", "versionStartIncluding": "128.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. \nThe original vulnerability was being exploited in the wild. \n*This only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1."}, {"lang": "es", "value": "Tras la reciente fuga de la sandbox de Chrome (CVE-2025-2783), varios desarrolladores de Firefox identificaron un patr\u00f3n similar en nuestro c\u00f3digo IPC. Un proceso secundario comprometido pod\u00eda provocar que el proceso principal devolviera un identificador involuntariamente potente, lo que provocaba una fuga de la sandbox. La vulnerabilidad original se estaba explotando in situ. *Esto solo afecta a Firefox en Windows. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Firefox &lt; 136.0.4, Firefox ESR &lt; 128.8.1 y Firefox ESR &lt; 115.21.1."}], "id": "CVE-2025-2857", "lastModified": "2026-04-13T15:16:56.047", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-03-27T14:15:55.720", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1956398"}, {"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://issues.chromium.org/issues/405143032"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://www.cve.org/CVERecord?id=CVE-2025-2783"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-19/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-668"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "firefox: Firefox IPC sandbox escape on windows", "id": "2355327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355327"}, "csaw": false, "details": ["Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. \nThe original vulnerability was being exploited in the wild. \n*This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1."], "name": "CVE-2025-2857", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox:flatpak/firefox", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-27T13:27:57Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-2857\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-2857\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1956398\nhttps://issues.chromium.org/issues/405143032\nhttps://www.mozilla.org/security/advisories/mfsa2025-19/"], "statement": "This vulnerability is specific to the Windows operating system and therefore does not affect any currently supported Red Hat products."}

{"analysis": {"en": {"generated_at": "2026-04-20T18:18:25.911326+00:00", "value": {"mitigation_remediation": ["Upgrade to Firefox 136.0.4 or the latest ESR update (128.8.1 or 115.21.1).", "Ensure no legacy Firefox versions are installed on Windows endpoints.", "Monitor Mozilla security advisories for any additional updates or guidance."], "summary": {"action": "Patch", "impact": "Sandbox escape leading to privilege escalation"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox installations running on Windows are affected. Versions prior to 136.0.4, as well as Firefox ESR 128.8.1 and ESR 115.21.1, contain the vulnerability. Other operating systems are not impacted.", "description_and_impact": "The vulnerability stems from IPC code handling in Firefox, where a compromised child process can cause the parent to return an unintentionally powerful handle. This results in a sandbox escape, allowing the attacker to bypass the isolation guarantees of the sandbox and potentially execute code with elevated privileges. The flaw is classified as CWE-668.", "risk_and_exploitability": "The CVSS score of 10 indicates critical severity, while the EPSS score of less than 1% suggests a low likelihood of widespread exploitation at current time. The vulnerability was exploited in the wild, and the attack vector involves a compromised child process interacting with IPC mechanisms. The issue is not listed in the CISA KEV catalog."}}}}, "created": "2026-04-20T18:30:13.976773+00:00", "updated": "2026-04-20T18:30:13.976790+00:00", "vendors": []}