A new zero-day for Firefox on Windows has been patched. This does not affect users on macOS or Linux.
Mozilla has patched a critical security flaw in its Firefox browser, just days after Google addressed a similar vulnerability that had been exploited as a zero-day in espionage attacks against Russian organizations.
The Firefox flaw, tracked as CVE-2025-2857, allows attackers to escape the browser’s sandbox protections and gain broader system access. According to Mozilla, this issue affects only Firefox on Windows. There is no evidence that the vulnerability has been exploited in the wild.
Firefox developers discovered the issue after Google disclosed that unknown hackers had exploited a previously unreported bug, now tracked as CVE-2025-2783, to break out of Chrome’s protective system.