Mozilla has released security updates to address one critical vulnerability in Firefox and Firefox ESR. Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in Firefox’s Inter-process Communication (IPC) code.
A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. Exploitation of original Google Chrome vulnerability CVE-2025-2783: Google has observed exploitation of CVE-2025-2783 in the wild. More information can be found in Cyber Alert CC-4639
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Oracle Issues Emergency Patches for ‘JoltandBleed’ Vulnerabilities
November 16, 2017
Oracle pushed out an emergency update for vulnerabilities affecting several of its products that rely on its proprietary Jolt protocol. The bugs were discovered by researchers at ERPScan who named the series of five vulnerabilities JoltandBleed. The vulnerabilities are severe, with two of the bugs scoring 9.9 and 10 on the CVSS scale. Products affected include Oracle PeopleSoft ...
- Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices
November 15, 2017
Remember BlueBorne? A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo. As estimated during the discovery of this devastating threat, several IoT and smart devices whose operating systems are often updated less frequently than smartphones and ...
- 17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction
November 14, 2017
You should be extra careful when opening files in MS Office. When the world is still dealing with the threat of ‘unpatched’ Microsoft Office’s built-in DDE feature, researchers have uncovered a serious issue with another Office component that could allow attackers to remotely install malware on targeted computers. The vulnerability is a memory-corruption issue that resides in all ...
- Apple iPhone X’s Face ID Hacked (Unlocked) Using 3D-Printed Mask
November 13, 2017
Just a week after Apple released its brand new iPhone X on November 3, a team of hackers has claimed to successfully hack Apple’s Face ID facial recognition technology with a mask that costs less than $150. Yes, Apple’s “ultra-secure” Face ID security for the iPhone X is not as secure as the company claimed during ...
- Experts working with Homeland Security hacked into Boeing 757
November 10, 2017
There’s some unsettling news about one of America’s most widely-used jetliners. In a test, experts working with Homeland Security hacked into a Boeing 757. The team of researchers needed only two days in September 2016 to remotely hack into a 757 parked at the airport in Atlantic City, New Jersey. Speaking at a conference this week, Robert Hickey of ...
- Intel’s management engine – in most CPUs since 2008 – can be p0wned over USB
November 9, 2017
Positive Technologies, which in September said it has a way to attack the Intel Management Engine, has dropped more details on how its exploit works. The firm has already promised to demonstrate God-mode hack in December 2017, saying the bug “allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard”. For ...