Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
nerdculture.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
Be excellent to each other, live humanism, no nazis, no hate speech. Not only for nerds, but the domain is somewhat cool. ;) No bots in general. Languages: DE, EN, FR, NL, ES, IT

Administered by:

Server stats:

1.2K
active users

nerdculture.de: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

Olly 👾

:firefox: Mozilla warns Windows Users of critical Firefox Sandbox Escape Flaw.

The vulnerability impacts the latest Firefox standard and extended support releases (ESR) designed for organizations that require extended support for mass deployments. Mozilla fixed the security flaw in Firefox 136.0.4 & Firefox ESR versions 115.21.1 + 128.8.1.

mozilla.org/en-US/security/adv

Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser's sandbox on Windows systems. Tracked as CVE-2025-2857, this flaw is described as an "incorrect handle could lead to sandbox escapes" and was reported by Mozilla developer Andrew McCreight. While Mozilla didn't share technical details regarding CVE-2025-2857, it said the vulnerability is similar to a Chrome zero-day exploited in attacks and patched by Google last week. "Following the sanbdox escape in CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. Attackers were able to confuse the parent process into leaking handles into unpriviled [sic] child processes leading to a sandbox escape," Mozilla said in a advisory. "The original vulnerability was being exploited in the wild. This only affects Firefox on Windows. Other operating systems are unaffected."
#mozilla#firefox#update
Apr 01, 2025, 12:39 PM·Public·Metatext
5boosts·3favorites
ExploreLive feeds
About