=====================================================================
                            CERT-Renater

                 Information Note No. 2025/VULN185
_____________________________________________________________________

DATE                 : 28/03/2025

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Firefox versions prior to 136.0.4,
                       Firefox ESR versions prior to 115.21.1, 128.8.1.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/
_____________________________________________________________________

Mozilla Foundation Security Advisory 2025-19

Security Vulnerability fixed in Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1

Announced : March 27, 2025
Impact    : critical
Products  : Firefox, Firefox ESR
Fixed in  : Firefox 136.0.4
            Firefox ESR 115.21.1
            Firefox ESR 128.8.1

CVE-2025-2857: Incorrect handle could lead to sandbox escapes

Reporter : Andrew McCreight
Impact   : critical

Description

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.

The original vulnerability was being exploited in the wild.

This only affects Firefox on Windows. Other operating systems are unaffected.

References

  Bug 1956398
  CVE-2025-2783

=========================================================
+ CERT-RENATER      | tel   : 01-53-94-20-44            +
+ 23/25 Rue Daviel  | fax   : 01-53-94-20-41            +
+ 75013 Paris       | email : cert@support.renater.fr   +
=========================================================
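
A way to triage an endpoint inventory against the fixed versions listed in this note, as an added example that is not part of the CERT-Renater or Mozilla text. The inventory layout, the host names and the "esr" suffix on ESR version strings are assumptions, and the sample rows are constructed.

```python
import re

# Fixed versions as listed in the advisory above.
FIXED_RELEASE = (136, 0, 4)
FIXED_ESR = {115: (115, 21, 1), 128: (128, 8, 1)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(esr)?$")


def parse_version(text):
    """Return ((major, minor, patch), is_esr) for strings like '128.8.0esr'."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    major, minor, patch, esr = m.groups()
    return (int(major), int(minor), int(patch or 0)), esr is not None


def is_affected(version_text, os_name):
    """True if this install still needs the CVE-2025-2857 fix."""
    if os_name.strip().lower() != "windows":
        return False  # the advisory says only Firefox on Windows is affected
    version, is_esr = parse_version(version_text)
    if is_esr and version[0] in FIXED_ESR:
        return version < FIXED_ESR[version[0]]
    # Release channel, or an ESR branch the advisory does not list.
    # Assumption: anything below the release fix is treated as unpatched.
    return version < FIXED_RELEASE


# Constructed sample inventory (host, OS, reported version); not real data.
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "136.0.3"),
    ("ws-002", "Windows", "136.0.4"),
    ("ws-003", "Windows", "128.8.0esr"),
    ("ws-004", "Windows", "128.8.1esr"),
    ("ws-005", "Windows", "115.21.0esr"),
    ("ws-006", "Linux", "128.7.0esr"),
    ("ws-007", "Windows", "102.15.1esr"),
]


def triage(inventory):
    """Return the hosts that still need the update."""
    return [host for host, os_name, ver in inventory if is_affected(ver, os_name)]


if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

An ESR install must be compared against its own branch's fix: 128.8.1esr is patched even though it is numerically below 136.0.4.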