The patch comes shortly after Google patched a similar zero-day vulnerability in Chrome that was being actively exploited in the wild. Mozilla researcher Andrew McCreight is credited with discovering the vulnerability after Firefox developers identified a pattern similar to the recently exploited Chrome vulnerability.

The vulnerability specifically affects Firefox running on Windows operating systems. The flaw could allow a compromised child process to trick the parent process into returning a handle with elevated privileges, effectively bypassing the sandbox protection. A sandbox escape vulnerability allows malicious code to break out of the sandbox's restrictions, potentially giving attackers access to the underlying operating system.

The vulnerability has been classified as “critical” due to its potential impact and the fact that attackers were actively exploiting a similar vulnerability in Chrome. While Mozilla has not confirmed whether the Firefox vulnerability was exploited in the wild, the advisory notes that the “original vulnerability was being exploited in the wild,” likely referring to the Chrome zero-day.

Automatic updates are typically enabled by default, but users can manually check for updates by clicking the menu button, selecting “Help,” and then “About Firefox.” The browser will automatically check for and install any available updates.

This incident highlights browser vendors’ ongoing security challenges and the importance of rapid response to zero-day vulnerabilities, especially when similar flaws exist across different browsers. Quickly identifying and patching this vulnerability demonstrates the value of cross-browser security research and collaboration within the cybersecurity community.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 28 Mar 2025 08:35:15 +0000