Mozilla has rolled out the Firefox 148 update for Windows, macOS, and Linux platforms, bringing several enhancements and fixes. Among the additions, the backup functionality now reaches a broader audience, and users can turn off every AI-related capability with just one button press. The team has addressed numerous security issues in this version.
The company intends to unveil Firefox 149 in about four weeks, specifically on March 24.
A standout addition is the dedicated AI Settings area within the browser's configuration menu. This allows users to deactivate all AI-driven tools at once and then selectively activate preferred ones. For instance, the on-device translation tool, which operates without cloud involvement, can remain active. Users also have the option to pick their preferred AI chatbot for the sidebar panel, provided they haven't opted to shut down all such features.
Individuals on Windows 10 who configure Firefox to clear browsing data when closing the browser can now access the backup option. Items designated for deletion are excluded from backups, and this capability falls under the Synchronization preferences.
According to Mozilla's 2026-13 Security Advisory for Firefox 148, the update resolves more than 50 security weaknesses.
Over half of the vulnerabilities reported from external sources are rated as high severity by Mozilla. This includes five methods to escape the browser's sandbox and eight use-after-free errors in the JavaScript engine. Several of these flaws could enable attackers to insert and run malicious code on affected machines. No active exploitation of these issues has been detected in real-world scenarios.
The advisory's final three sections cover an undisclosed count of vulnerabilities found internally, grouped under CVE-2026-2807, CVE-2026-2792, and CVE-2026-2793. These involve critical memory handling mistakes deemed high risk, with some impacting Firefox ESR and Thunderbird as well.
Alongside the main Firefox 148 release, Mozilla has issued updates for Firefox ESR versions 140.8.0 and 115.33.0, the latter limited to Windows 7/8.1 and macOS 10.12 through 10.14.
These ESR editions tackle the specified vulnerabilities within the established codebase of earlier browser lines. Firefox ESR 140.8.0 patches 37 issues, while ESR 115.33.0 addresses 21. Importantly, ESR 115.33.0 marks the final update for its series, which will end support this month.
Mozilla has also launched Thunderbird 148.0 and 140.8.0esr, where developers have remediated multiple security flaws carried over from Firefox.
This piece first appeared in our affiliated outlet PC-WELT, adapted and translated from its German original.
Frank Ziemann has contributed as a freelance writer to PC-WELT since 2005, focusing on news and reviews. His expertise covers IT security topics like malware, antivirus software, and vulnerabilities, along with internet technologies.