Mozilla has mounted a safety bug in its Firefox for Home windows browser that was “being exploited within the wild.”
In a brief update, Mozilla mentioned it up to date the browser to Firefox model 136.0.4 after figuring out and fixing the brand new bug, tracked as CVE-2025-2857, which presents a “comparable sample” to a bug that Google patched in its Chrome browser earlier this week.
Anybody exploiting the bug might escape Firefox’s sandbox, which limits the browser’s entry to different apps and knowledge on the consumer’s laptop.
The bug additionally impacts different browsers with the identical codebase as Firefox for Home windows, such because the Tor Browser, which additionally received a patch updating the browser to 14.0.7.
Kaspersky researcher Boris Larin, who first found the Chrome zero-day, confirmed in a post that the foundation reason for the Chrome bug additionally impacts Firefox. Kaspersky beforehand linked the use of the exploits to assaults on journalists, workers of instructional establishments, and authorities organizations in Russia.