Mozilla Releases Urgent Patch for Windows Users Following Exploited Chrome 0-Day


Mozilla has issued an emergency security update for its Firefox browser on Windows to fix a critical vulnerability that could allow attackers to escape browser sandboxes and potentially compromise the system. The flaw, discovered by Mozilla researcher Andrew McCreight, involves an "incorrect handle" in Firefox’s Inter-Process Communication (IPC) code, allowing a compromised child process to trick the parent process into granting elevated privileges. This vulnerability is similar to a recently exploited Chrome zero-day (CVE-2025-2783) and affects only Windows versions of Firefox. Mozilla has released patches in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1. Although it is unclear whether this specific Firefox flaw has been exploited in the wild, users are strongly urged to update immediately. This incident underscores the critical importance of rapid vulnerability management and cross-browser security collaboration.
