Firefox 148 adds AI kill switch, fixes 50+ security flaws
With the new Firefox 148 browser update for Windows, macOS and Linux, Mozilla introduces a number of new features and improvements. For example, the backup feature is now available to more users and you can turn off all AI features with just one click. The developers also fixed a large number of security vulnerabilities.
Mozilla plans to release Firefox 149 in four weeks, on March 24.
What’s new in Firefox 148?
Probably the most important new feature is the AI Settings section of the browser settings. Here you can disable all “AI” based features and then manually re-enable the ones you want. For example, you may want to keep the translation feature, which works locally and not in the cloud. You can also select the AI chatbot you want to use in the dedicated sidebar (unless of course you disable everything).
Windows 10 users who have Firefox set to delete browser data on exit can now also use the data backup feature. Data that needs to be deleted will not be backed up. This feature is found under Sync Settings.
Security fixes in Firefox 148
Mozilla lists more than 50 vulnerabilities that have been fixed in its Security Advisory 2026-13 for Firefox 148.
Mozilla classifies more than half of externally reported security vulnerabilities as high risk. Five of them relate to ways to escape the browser sandbox, and eight use-after-free vulnerabilities have been integrated into JavaScript components. Many vulnerabilities could be exploited to inject and execute code on a system. None of these security vulnerabilities are knowingly attacked in the wild.
The last three entries in the security advisory list an unspecified number of internally discovered vulnerabilities, which are summarized under CVE numbers CVE-2026-2807, CVE-2026-2792, and CVE-2026-2793. These problematic memory access errors are also considered high risk, and some of them even affect Firefox ESR and Thunderbird.
Firefox ESR and Thunderbird
In addition to Firefox 148, Mozilla also released Firefox ESR versions 140.8.0 and 115.33.0, although the latter is only available for Windows 7/8.1 and macOS 10.12 to 10.14.
In the ESR versions, Mozilla has fixed the aforementioned vulnerabilities present in the partly well-established code of these older browser generations. In Firefox ESR 140.8, there are 37 vulnerabilities fixed; in Firefox ESR 115.33 there are 21. Note that Firefox ESR 115.33 is the latest version of its branch, which will be discontinued this month.
Thunderbird 148.0 and 140.8.0esr have also been released. In these versions, the developers also fixed dozens of security vulnerabilities inherited from Firefox.
