Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia

Firefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day.

Mozilla says Firefox developers have determined that their browser is affected by a critical vulnerability that is similar to the Chrome zero-day disclosed a few days ago.

On Tuesday, Google announced a Chrome update that patches CVE-2025-2783, a vulnerability reported to the tech giant by cybersecurity firm Kaspersky, whose researchers saw it being exploited in attacks aimed at Russian organizations.

Kaspersky said CVE-2025-2783 has been exploited since at least mid-March by what is likely a state-sponsored threat actor to escape Chrome’s sandbox. The exploit chain also targeted another vulnerability (which Kaspersky was unable to identify) to achieve remote code execution.

The campaign, which the security firm dubbed Operation ForumTroll because it used fake invitations to a scientific forum as a lure, targeted media outlets, educational institutions and government organizations ...