Imagine opening a browser where every AI-powered shortcut—from translations to chatbots—could be toggled off with a single click. That’s now possible with Firefox 148, which also delivers a sweeping patch for over 50 security vulnerabilities, some capable of granting attackers remote code execution.
The update arrives as Mozilla refines its approach to AI integration, offering users unprecedented control over how and whether these features operate. While the browser’s built-in AI tools—like local translation and chatbot interactions—remain optional, the new AI Settings panel lets users disable all AI functions at once or selectively re-enable specific features.
This level of granularity addresses growing concerns about AI-driven privacy risks, particularly for users who prefer offline processing. For example, the translation tool now operates locally by default, bypassing cloud dependencies unless explicitly configured otherwise.
Security Overhaul: 50+ Flaws Patched
Beyond AI controls, Firefox 148 prioritizes security with fixes for over 50 vulnerabilities, more than half of which Mozilla classifies as high-risk. Among the most critical are
- Five sandbox escape flaws that could allow malicious scripts to break free from browser isolation.
- Eight use-after-free bugs in JavaScript components, exploitable for arbitrary code execution.
- Three high-severity memory corruption issues (CVE-2026-2807, CVE-2026-2792, CVE-2026-2793) affecting core browser functions, some of which also impact Firefox ESR and Thunderbird.
While no evidence suggests these vulnerabilities are currently under active attack, Mozilla’s advisory underscores the potential for exploitation in targeted campaigns. The fixes extend to Firefox ESR versions 140.8.0 and 115.33.0, the latter of which marks the final release for that legacy branch before discontinuation.
What’s Changed for Users?
For power users, Firefox 148 introduces two notable improvements
- A data backup feature for Windows 10 users who previously had it disabled due to automatic data deletion on exit. Backups now exclude data marked for removal.
- Enhanced AI sidebar customization, allowing users to switch between supported chatbots or disable the feature entirely.
Mozilla’s next major release, Firefox 149, is scheduled for March 24th, with additional security refinements expected. In the meantime, users are advised to update immediately—especially those relying on Firefox ESR or Thunderbird—to ensure protection against known exploits.
The update is available now for Windows, macOS, and Linux, with ESR and Thunderbird patches addressing inherited vulnerabilities from the Firefox codebase.
