
Mozilla has addressed a security vulnerability in its Firefox browser for Windows that was being actively exploited.

According to a recent update, Mozilla has released Firefox version 136.0.4, which fixes a newly discovered bug, tracked as CVE-2025-2857. This bug exhibits a similar pattern to a vulnerability that Google recently patched in its Chrome browser.

The vulnerability allows an attacker to bypass Firefox’s sandbox, which restricts the browser’s access to other applications and data on the user’s computer.

This bug also affects other browsers that share the same codebase as Firefox for Windows, including the Tor Browser, which has also received a patch updating the browser to version 14.0.7.

Boris Larin, a Kaspersky researcher who initially discovered the Chrome zero-day vulnerability, confirmed in a post that the underlying cause of the Chrome bug also impacts Firefox. Kaspersky previously linked the use of these exploits to targeted attacks on journalists, educational institution employees, and government organizations in Russia.

