
Following reports of hackers exploiting a dangerous zero-day in Chrome, Mozilla has released a similar fix for its browser. Tor urges users to update "immediately."
Highly sophisticated hackers are already exploiting a zero-day flaw in Chrome, attacking Russian media, educational and other organizations, Cybernews reports.
This flaw, labeled CVE-2025-2783, allows hackers to break out of the browser’s sandbox, an isolated environment that keeps browser activity separate from the rest of the computer.
Following Chrome’s patch, Mozilla released an urgent update saying that various developers identified a similar pattern in Firefox’s IPC (inter-process communication) code.
“A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. This only affects Firefox on Windows. Other operating systems are unaffected,” Mozilla said in an advisory.
The severity of the flaw is critical. Affected Firefox versions are below 136.0.4, and vulnerable Firefox ESR versions are below 115.21.1 and 128.8.1.
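The version thresholds above can be turned into an inventory check. The following is an added example, not code from Mozilla, the Tor Project or Cybernews; the inventory rows, the `channel` field and the function names are assumptions made for illustration.

```python
FIXED_RELEASE = (136, 0, 4)                         # fixed release build named in the article
FIXED_ESR = {115: (115, 21, 1), 128: (128, 8, 1)}   # fixed ESR builds, keyed by ESR branch

INVENTORY = [  # constructed sample rows: host, OS, channel, installed version
    ("ws-01", "Windows", "release", "136.0.3"),
    ("ws-02", "Windows", "release", "136.0.4"),
    ("ws-03", "Windows", "esr", "128.8.0esr"),
    ("ws-04", "Windows", "esr", "128.8.1esr"),
    ("ws-05", "Windows", "esr", "115.21.0esr"),
    ("ws-06", "Windows", "esr", "102.15.1esr"),
    ("mac-01", "macOS", "release", "135.0"),
]


def parse_version(text):
    """'128.8.0esr' -> (128, 8, 0); missing components count as 0."""
    core = text.strip().lower().removesuffix("esr")
    parts = [int(p) for p in core.split(".")]   # ValueError on betas, empty strings
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def triage(os_name, channel, version_text):
    """Return 'not-affected', 'patched', 'vulnerable' or 'review'."""
    if os_name.lower() != "windows":
        return "not-affected"        # advisory: only Firefox on Windows is affected
    try:
        version = parse_version(version_text)
    except ValueError:
        return "review"              # unparseable version: check by hand
    if channel.lower() == "esr":
        fixed = FIXED_ESR.get(version[0])
        if fixed is None:
            return "review"          # ESR branch with no fixed build named in the article
        return "patched" if version >= fixed else "vulnerable"
    return "patched" if version >= FIXED_RELEASE else "vulnerable"


def needs_action(inventory):
    """Hosts that are vulnerable or could not be classified."""
    return [host for host, os_name, channel, ver in inventory
            if triage(os_name, channel, ver) in ("vulnerable", "review")]


if __name__ == "__main__":
    for host, os_name, channel, ver in INVENTORY:
        print(f"{host:7} {os_name:8} {channel:8} {ver:12} {triage(os_name, channel, ver)}")
```

ESR builds have to be compared against the fix for their own branch: 128.8.1 is patched even though it is numerically lower than 136.0.4.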
Tor, a browser designed for privacy and anonymity, also issued an emergency release for Windows, citing “very urgent security patches to Firefox for Windows.”
“We advise Windows users to update immediately,” the Tor Project said in a blog post, bolding the word “immediately.”
As previously explained, the flaw allows one-click compromise. If a user visits a malicious site by clicking a link, no other action is required. Hackers were observed abusing the flaw and completely compromising systems by running remote code.