Mozilla has released an urgent update for its Firefox browser, addressing a security vulnerability identified as CVE-2025-2857, which was actively exploited. This bug mirrors a recently patched flaw in Google Chrome and allows potential escape from Firefox's sandbox, risking user data. The patch brings Firefox to version 136.0.4, and similar vulnerabilities were found in the Tor Browser, prompting its update to 14.0.7. Security researcher Boris Larin, who discovered the Chrome issue, confirmed the shared root cause, linking the exploits to targeted attacks against journalists and government entities in Russia.