{"id":1600266,"date":"2025-03-28T19:10:41","date_gmt":"2025-03-28T21:10:41","guid":{"rendered":"https:\/\/teknomers.com\/fr\/mozilla-patches-critical-firefox-bug-similaire-a-la-recente-vulnerabilite-de-chrome-zero-day\/"},"modified":"2025-03-28T19:10:46","modified_gmt":"2025-03-28T21:10:46","slug":"mozilla-patches-critical-firefox-bug-similaire-a-la-recente-vulnerabilite-de-chrome-zero-day","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/mozilla-patches-critical-firefox-bug-similaire-a-la-recente-vulnerabilite-de-chrome-zero-day\/","title":{"rendered":"Mozilla Patches Critical Firefox Bug similaire \u00e0 la r\u00e9cente vuln\u00e9rabilit\u00e9 de Chrome Zero-Day"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">28 mars 2025<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">S\u00e9curit\u00e9 z\u00e9ro-jour \/ navigateur<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/03\/Mozilla-Patches-Critical-Firefox-Bug-similaire-a-la-recente-vulnerabilite.jpg\" style=\"clear: left; display: block; float: left;  text-align: center;\"><\/a><\/div>\n<p>Mozilla a publi\u00e9 des mises \u00e0 jour pour aborder un d\u00e9faut de s\u00e9curit\u00e9 critique impactant son navigateur Firefox pour Windows, quelques jours apr\u00e8s que Google a corrig\u00e9 un d\u00e9faut similaire dans Chrome qui a subi une exploitation active en tant que z\u00e9ro-jour.<\/p>\n<p>La vuln\u00e9rabilit\u00e9 de s\u00e9curit\u00e9, CVE-2025-2857, a \u00e9t\u00e9 d\u00e9crite comme un cas de poign\u00e9e incorrecte qui pourrait conduire \u00e0 une \u00e9vasion de bac \u00e0 sable.<\/p>\n<p>&#8220;Apr\u00e8s la r\u00e9cente \u00e9vasion de Chrome Sandbox (CVE-2025-2783), divers d\u00e9veloppeurs de Firefox ont identifi\u00e9 un mod\u00e8le similaire dans notre IPC [inter-process communication] Code, &#8220;Mozilla <a rel=\"noopener nofollow\" href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2025-19\/\" target=\"_blank\">dit<\/a> dans un avis.<\/p>\n<div class=\"dog_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener sponsored\" href=\"https:\/\/thehackernews.uk\/cis-securesuite\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybers\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/03\/1740818990_705_Mozilla-met-a-jour-les-termes-de-Firefox-apres-le.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>&#8220;Un processus d&#8217;enfant compromis pourrait amener le processus parent \u00e0 renvoyer une poign\u00e9e involontairement puissante, conduisant \u00e0 une \u00e9vasion de bac \u00e0 sable.&#8221;<\/p>\n<p>La lacune, qui affecte Firefox et Firefox ESR, a \u00e9t\u00e9 abord\u00e9e dans Firefox 136.0.4, Firefox ESR 115.21.1 et Firefox ESR 128.8.1. Il n&#8217;y a aucune preuve que CVE-2025-2857 ait \u00e9t\u00e9 exploit\u00e9 dans la nature.<\/p>\n<p>Le projet Tor a \u00e9galement <a rel=\"nofollow noopener\" href=\"https:\/\/blog.torproject.org\/new-release-tor-browser-1408\/\" target=\"_blank\">exp\u00e9di\u00e9<\/a> Une mise \u00e0 jour de s\u00e9curit\u00e9 pour le navigateur TOR (version 14.0.8) pour r\u00e9soudre le m\u00eame probl\u00e8me pour les utilisateurs de Windows.<\/p>\n<p>Le d\u00e9veloppement intervient alors que Google a publi\u00e9 Chrome version 134.0.6998.177\/.178 pour Windows pour corriger le CVE-2025-2783, qui a \u00e9t\u00e9 exploit\u00e9 dans la nature dans le cadre d&#8217;attaques ciblant les m\u00e9dias, les \u00e9tablissements d&#8217;enseignement et les organisations gouvernementales en Russie.<\/p>\n<p>Kaspersky, qui a d\u00e9tect\u00e9 l&#8217;activit\u00e9 \u00e0 la mi-mars 2025, a d\u00e9clar\u00e9 que l&#8217;infection s&#8217;est produite apr\u00e8s que les victimes non sp\u00e9cifi\u00e9es ont cliqu\u00e9 sur un lien sp\u00e9cialement con\u00e7u dans les e-mails de phishing et que le site Web contr\u00f4l\u00e9 par l&#8217;attaquant a \u00e9t\u00e9 ouvert \u00e0 l&#8217;aide de Chrome.<\/p>\n<p>Le CVE-2025-2783 aurait \u00e9t\u00e9 encha\u00een\u00e9 avec un autre exploit inconnu du navigateur Web pour sortir des limites du bac \u00e0 sable et r\u00e9aliser l&#8217;ex\u00e9cution du code distant. Cela dit, le correctif du bogue bloque efficacement toute la cha\u00eene d&#8217;attaque.<\/p>\n<div class=\"dog_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener sponsored\" href=\"https:\/\/thehackernews.uk\/cloud-ai-d\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybers\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/03\/VMware-Security-Flaws-exploite-dans-la-nature-BroadCom-publie.jpg\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>L&#8217;Agence am\u00e9ricaine de s\u00e9curit\u00e9 de cybers\u00e9curit\u00e9 et d&#8217;infrastructure (CISA) <a rel=\"noopener nofollow\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/03\/27\/cisa-adds-one-known-exploited-vulnerability-catalog\" target=\"_blank\">ajout\u00e9<\/a> la faille de ses vuln\u00e9rabilit\u00e9s connues exploit\u00e9es (<a rel=\"noopener nofollow\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\">Kev<\/a>) Catalogue, exigeant que les agences f\u00e9d\u00e9rales appliquent les att\u00e9nuations n\u00e9cessaires d&#8217;ici le 17 avril 2025.<\/p>\n<p>Les utilisateurs sont recommand\u00e9s pour mettre \u00e0 jour leurs instances de navigateur vers les derni\u00e8res versions pour sauvegarder les risques potentiels.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant? Suivez-nous <a rel=\"noopener nofollow\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Gazouillement <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"noopener nofollow\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">Liendin<\/a> Pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2025\/03\/mozilla-patches-critical-firefox-bug.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80228 mars 2025\ue804Ravie LakshmananS\u00e9curit\u00e9 z\u00e9ro-jour \/ navigateur Mozilla a publi\u00e9 des mises \u00e0 jour pour aborder un d\u00e9faut de s\u00e9curit\u00e9 critique impactant son navigateur Firefox pour Windows, quelques jours apr\u00e8s que Google a corrig\u00e9 un d\u00e9faut similaire dans Chrome qui a subi une exploitation active en tant que z\u00e9ro-jour. La vuln\u00e9rabilit\u00e9 de s\u00e9curit\u00e9, CVE-2025-2857, a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1600267,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[274266,274265,29066,16757,4168,118325,79002,274264,4161,274263,6124,19979,274267,4160,19978,49875,27730,238617,246491,4172,239,79016,4166,3667,4164,35759],"class_list":["post-1600266","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-de-piratage","tag-actualites-des-pirates","tag-bug","tag-chrome","tag-comment-pirater","tag-critical","tag-cyber-security-news","tag-cyber-security-news-aujourdhui","tag-cyber-mises-a-jour","tag-cyber-nouvelles","tag-cyberattaques","tag-firefox","tag-malware-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-mozilla","tag-patches","tag-recente","tag-securite-de-linformation","tag-securite-du-reseau","tag-securite-informatique","tag-similaire","tag-the-hacker-news","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle","tag-zeroday"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1600266","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1600266"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1600266\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1600267"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1600266"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1600266"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1600266"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}