Mozilla fixed “Wild exploitation” of Firefox security bug for Windows browsers.
In a quick update, Mozilla said it updated its browser to Firefox version 136.0.4 after identifying and fixing a new bug tracked as CVE-2025-2857.
Anyone who exploits the bug can escape the Firefox sandbox and restricts data on other apps in your browser and users' computers.
This bug also affects other browsers that have the same codebase as Firefox for Windows, such as the Tor browser that also received a patch that updates the Browser to 14.0.7.
Boris Larin, a researcher at Kaspersky who first discovered Chrome Zero-Day, confirmed in a post that the root cause of the Chrome bug also affects Firefox. Kaspersky previously linked the use of exploitation to attacks on Russian journalists, educational institutions and government organizations.