Summary

Vulnerability Name: Mozilla Firefox Sandbox Escape (CVE-2025-2857)
Released on: March 28, 2025
Affected Component: Mozilla Firefox
Affected Version:

Firefox < 136.0.4

Firefox Extended Support Release (ESR) < 115.21.1

Firefox ESR < 128.8.1

Vulnerability Type: Sandbox escape
Exploitation Condition:
  1. User authentication: not required.
  2. Precondition: default configurations.
  3. Trigger mode: remote.
Impact:

Exploitation difficulty: easy. This vulnerability enables remote code execution without authorization.

Severity: high. This vulnerability may result in remote code execution.

Official Solution: Available

Solutions

Remediation Solutions

Version Check

To view the version information, open the Mozilla Firefox browser, click the Menu icon (three horizontal lines stacked vertically) in the upper-right corner of the browser, and choose Help > About Firefox.

Official Solution

The latest version has been officially released to fix the vulnerability. Affected Windows users are advised to update Mozilla Firefox to one of the following versions as needed:

Firefox 136.0.4

Firefox ESR 115.21.1

Firefox ESR 128.8.1

Download link: https://www.mozilla.org/en-US/firefox/new/
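
For checking many hosts at once instead of opening About Firefox on each one, the following added example (not part of the original advisory or any Sangfor or Mozilla tooling) classifies version strings from an inventory export against the fixed versions listed above. The function names, the `(host, version)` input shape and the sample inventory are assumptions made for illustration, and the inventory is assumed to cover Windows hosts only.

```python
import re

# Fixed versions as listed in this advisory; ESR fixes keyed by major branch.
RELEASE_FIXED = (136, 0, 4)
ESR_FIXED = {115: (115, 21, 1), 128: (128, 8, 1)}
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) from strings such as '128.8.0esr' or '136.0'."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def is_affected(version_text, is_esr=None):
    """True if the version is below the fixed version for its channel.
    is_esr=None infers the channel from an 'esr' suffix; without one the build
    is compared against the release fix, which errs towards flagging."""
    version = parse_version(version_text)
    if is_esr is None:
        is_esr = "esr" in version_text.lower()
    if is_esr and version[0] in ESR_FIXED:
        return version < ESR_FIXED[version[0]]
    # Release builds, and ESR branches with no fix listed in the advisory.
    return version < RELEASE_FIXED


def triage(inventory):
    """Map each host to 'affected', 'patched' or 'unknown' (unparseable)."""
    result = {}
    for host, version_text in inventory:
        try:
            result[host] = "affected" if is_affected(version_text) else "patched"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory: host names and versions are made up.
SAMPLE_INVENTORY = [
    ("ws-001", "136.0.3"), ("ws-002", "136.0.4"),
    ("ws-003", "128.8.0esr"), ("ws-004", "128.8.1esr"),
    ("ws-005", "115.21.0esr"), ("ws-006", "115.21.1esr"),
    ("ws-007", "not installed"),
]
```

When the inventory source does not record the release channel in the version string, pass `is_esr=True` for hosts known to run ESR so that a patched ESR build is not flagged against the 136.0.4 release fix.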

Sangfor Solutions

Risky Asset Discovery

Sangfor Endpoint Secure can proactively detect vulnerabilities in Mozilla Firefox, and has provided a solution to discover assets vulnerable to the Mozilla Firefox Sandbox Escape (CVE-2025-2857) vulnerability in batches. The corresponding fingerprint ID is 0000322.

Timeline

On March 28, 2025, Sangfor FarSight Labs received notification of the sandbox escape vulnerability in Mozilla Firefox (CVE-2025-2857).

On March 28, 2025, Sangfor FarSight Labs released a vulnerability alert.

References

https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/#CVE-2025-2857

Learn More

Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.
