1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Firefox patches zero-day security flaw days after Chrome fixes th

    From TechnologyDaily@1337:1/100 to All on Friday, March 28, 2025 16:30:08
    Firefox patches zero-day security flaw days after Chrome fixes the same issue

    Date:
    Fri, 28 Mar 2025 16:19:00 +0000

    Description:
    A bug similar to one recently found in Google Chrome was also spotted in Firefox and subsequently fixed.

    FULL STORY ======================================================================Kaspersk y recently uncovered a zero-day vulnerability in Google Chrome Mozilla now says it has found a similar issue in Firefox The bug was used to target Russian targets in a cyber-espionage campaign

    A worrying security flaw, similar to the Chrome zero-day issue recently spotted and patched by Google , has now been discovered, and remedied, in the Firefox browser.

    In a security advisory published on March 27, 2025, Mozilla said after the discovery of the Chrome sandbox escape vulnerability, various Firefox developers found a similar pattern in the browser s IPC code.

    A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape, Mozilla explained. Escaping the sandbox is one of the browsers primary security defenses, reports CyberInsider .

    Monitor your credit score with TransUnion starting at $29.95/month

    TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnions advanced risk assessment tools.

    Preferred partner ( What does this mean? ) View Deal Patching the bug

    A sandbox in a web browser is a security mechanism that isolates running web content (such as JavaScript, plugins, or iframes) from the rest of the
    system.

    The goal is to prevent potentially malicious websites or scripts from accessing sensitive user data, modifying system files, or interfering with other applications.

    By escaping the sandbox, cybercriminals could have malware run on the target computer through the browser.

    A patch has been released, and Firefox users are advised to update their browsers to versions Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1 to mitigate the issue. Mozilla also added that the bug affects Firefox on Windows, and that other operating systems are unaffected.

    It stressed that the Chrome bug was being exploited in the wild, suggesting that the Firefox one remained hidden.

    Chromes original vulnerability is tracked as CVE-2025-2783, while the Firefox one is being tracked as CVE-2025-2857. No severity score has yet been assigned.

    Nor Google, nor Mozilla, discussed the threat actors or the victims. However, researchers from Kaspersky (who originally found the bug) said that the flaw was used to target people in Russia.

    The campaign involved phishing, redirecting victims to primakovreadings[dot]info. The entire campaign was dubbed Operation
    ForumTroll and apparently, the goal is to conduct cyber-espionage. You might also like Google Chrome security flaw could have let hackers spy on all your online habits We've rounded up the best password managers Take a look at our guide to the best authenticator app



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/firefox-patches-zero-day-security-flaw- days-after-chrome-fixes-the-same-issue


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)