Firefox 148 provides AI kill swap, fixes 50+ safety flaws
Abstract created by Sensible Solutions AI
In abstract:
- PCWorld highlights that Mozilla’s Firefox 148 replace addresses over 50 safety vulnerabilities, together with high-risk reminiscence entry errors and sandbox escape flaws.
- The replace introduces an AI kill swap by new ‘AI Settings’ that lets customers disable all AI options and selectively re-enable desired ones like native translation.
- Customers ought to replace instantly as many vulnerabilities might allow code execution, with Firefox ESR and Thunderbird additionally receiving important safety patches.
With the brand new Firefox 148 browser replace for Home windows, macOS, and Linux, Mozilla is introducing various new options and enhancements. For instance, the backup function is now out there to extra customers, and you may disable all AI options with a single click on. The builders have additionally mounted a lot of safety vulnerabilities.
Mozilla plans to launch Firefox 149 in 4 weeks on March twenty fourth.
What’s new in Firefox 148?
In all probability an important new function is the AI Settings part of the browser settings. Right here, you may disable all “AI”-based features, then manually re-enable those you do need. For instance, you would possibly need to hold the interpretation operate, which works regionally and never within the cloud. You can too choose which AI chatbot you need to use within the devoted sidebar (except you, in fact, disable all the things).
Home windows 10 customers who’ve Firefox set to delete browser knowledge upon exit can now additionally use the information backup function. Information that’s set to be deleted received’t be backed up. This function is beneath Synchronization settings.
Safety fixes in Firefox 148
Mozilla lists over 50 vulnerabilities which were mounted in its 2026-13 Safety Advisory for Firefox 148.
Mozilla classifies greater than half of the externally reported safety vulnerabilities as excessive danger. 5 of those relate to methods of breaking out of the browser sandbox, and eight use-after-free vulnerabilities have been plugged within the JavaScript parts. Lots of the vulnerabilities could possibly be exploited to inject and execute code on a system. None of those safety vulnerability are knowingly being attacked within the wild.
The final three entries within the Safety Advisory record an unspecified variety of internally found vulnerabilities, that are summarized beneath CVE numbers CVE-2026-2807, CVE-2026-2792, and CVE-2026-2793. These problematic reminiscence entry errors are additionally thought of excessive danger, and a few of them even have an effect on Firefox ESR and Thunderbird.
Firefox ESR and Thunderbird
Along with Firefox 148, Mozilla has additionally launched Firefox ESR variations 140.8.0 and 115.33.0, though the latter is simply out there for Home windows 7/8.1 and macOS 10.12 to 10.14.
Within the ESR variations, Mozilla has mounted the aforementioned vulnerabilities which might be current within the partly-well-established code of those older browser generations. In Firefox ESR 140.8, there are 37 mounted vulnerabilities; in Firefox ESR 115.33, there are 21. Word that Firefox ESR 115.33 is the final launch of its department, to be discontinued this month.
Thunderbird 148.0 and 140.8.0esr have additionally been launched. In these variations, the builders have additionally mounted dozens of safety vulnerabilities inherited from Firefox.
This text initially appeared on our sister publication PC-WELT and was translated and localized from German.
