{"id":209890,"date":"2025-03-28T01:14:01","date_gmt":"2025-03-28T06:14:01","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/03\/mozilla-warns-windows-users-of-critical-firefox-sandbox-escape-flaw"},"modified":"2025-03-28T01:14:01","modified_gmt":"2025-03-28T06:14:01","slug":"mozilla-warns-windows-users-of-critical-firefox-sandbox-escape-flaw","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/03\/mozilla-warns-windows-users-of-critical-firefox-sandbox-escape-flaw","title":{"rendered":"Mozilla warns Windows users of critical Firefox sandbox escape flaw"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/mozilla-warns-windows-users-of-critical-firefox-sandbox-escape-flaw.jpg\"><\/a><\/p>\n<p>Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser\u2019s sandbox on Windows systems.<\/p>\n<p>Tracked as <a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2025-19\/#CVE-2025-2857\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2025\u20132857<\/a>, this flaw is described as an \u201cincorrect handle could lead to sandbox escapes\u201d and was reported by Mozilla developer Andrew McCreight.<\/p>\n<p>The vulnerability impacts the latest Firefox standard and extended support releases (ESR) designed for organizations that require extended support for mass deployments. Mozilla fixed the security flaw in Firefox 136.0.4 and Firefox ESR versions 115.21.1 and 128.8.1.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser\u2019s sandbox on Windows systems. Tracked as CVE-2025\u20132857, this flaw is described as an \u201cincorrect handle could lead to sandbox escapes\u201d and was reported by Mozilla developer Andrew McCreight. The vulnerability impacts the latest Firefox standard and [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[418,1492],"tags":[],"class_list":["post-209890","post","type-post","status-publish","format-standard","hentry","category-internet","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/209890","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=209890"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/209890\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=209890"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=209890"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=209890"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}