Mozilla Patches Firefox Bug Exploited in the Wild

- Bug similar to one recently patched in Google Chrome
- Allows attackers to escape Firefox's sandbox
- Potentially gives attackers access to sensitive data
- Discovered by Kaspersky researcher Boris Larin
- Linked to attacks on journalists, educational institutions, and government organizations in Russia

Firefox Security Bug Patched

Mozilla has released an update for its Firefox browser, patching a security bug that was being exploited in the wild. The bug, tracked as CVE-2025-2857, is similar to a bug recently patched in Google Chrome and allowed attackers to escape Firefox's sandbox, potentially giving them access to sensitive data.
The bug was discovered by Kaspersky researcher Boris Larin, who also found that the root cause of the Chrome bug affected Firefox. Mozilla has updated Firefox to version 136.0.4, which includes the patch for the bug. The Tor Browser, which is based on the same codebase as Firefox, has also been updated to version 14.0.7.
The bug is a zero-day vulnerability, meaning that attackers were exploiting it before a patch was available. Kaspersky has linked the use of the exploit to attacks on journalists, employees of educational institutions, and government organizations in Russia.
Mozilla has not released any further information about the bug or the attacks, but the company has encouraged users to update to the latest version of Firefox as soon as possible.