VulnerableCode Package Details - pkg:mozilla/Firefox%20ESR@128.8.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:mozilla/Firefox%20ESR@128.8.1

Essentials
History (1)

purl	pkg:mozilla/Firefox%20ESR@128.8.1

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-wfqy-u76t-ybgb	Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. This only affects Firefox on Windows. Other operating systems are unaffected.	CVE-2025-2857

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:16:54.572842+00:00	Mozilla Importer	Fixing	VCID-wfqy-u76t-ybgb	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2025/mfsa2025-19.yml	38.0.0