Mozilla says Firefox developers have determined that their browser is affected by a critical vulnerability that is similar to the Chrome zero-day disclosed a few days ago.
On Tuesday, Google announced a Chrome update that patches CVE-2025-2783, a vulnerability reported to the tech giant by cybersecurity firm Kaspersky, whose researchers saw it being exploited in attacks aimed at Russian organizations.
Kaspersky said CVE-2025-2783 has been exploited since at least mid-March by what is likely a state-sponsored threat actor to escape Chrome’s sandbox. The exploit chain also targeted another vulnerability (which Kaspersky was unable to identify) to achieve remote code execution.
https://www.securityweek.com/firefox-af ... in-russia/