Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2025-2857 PoC — Incorrect handle could lead to sandbox escapes

Source
https://github.com/ubisoftinc/CVE-2025-2857
Associated Vulnerability
Title:Incorrect handle could lead to sandbox escapes (CVE-2025-2857)
Description:Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1.
Description
A Firefox and Tor Browser compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape
Readme
# CVE-2025-2857
A Firefox and Tor Browser compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape
> Run as root

# Install

```
sudo apt update
sudo apt install git
git clone https://github.com/ubisoftinc/CVE-2025-2857.git
cd CVE-2025-2857
chmod +x CVE-2025-2857
chmod +x install.sh
sudo bash install.sh
```

# Usage
```
./CVE-2025-2857 -o webpage/
```
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →