Mozilla launched Firefox 147 on January 13, 2026, to resolve 16 security vulnerabilities affecting critical systems like JavaScript and network protocols. The update includes fixes for high-impact sandbox escapes and memory corruption issues, and it is also available for long-term support versions of Firefox and Thunderbird.
Mozilla officially deployed Firefox 147 on January 13, 2026, to mitigate a total of 16 security vulnerabilities identified within the browser's core architecture. This release addresses several critical components, including graphics rendering, the JavaScript engine, and networking protocols. Because these flaws could potentially allow unauthorized parties to execute arbitrary code, security experts are encouraging all users to transition to the newest version immediately to maintain system integrity.
The update focuses heavily on six high-impact vulnerabilities, many of which involve sophisticated sandbox escapes that bypass standard security boundaries. These specific flaws were discovered in the graphics and messaging systems, largely through the efforts of security researchers and automated fuzzing techniques. By resolving these escapes, Mozilla prevents attackers from breaking out of the browser's isolated environment to interact directly with the underlying operating system.
A significant portion of the advisory details memory safety bugs, specifically categorized under CVE-2026-0891 and CVE-2026-0892. Although there is currently no evidence that these particular bugs are being exploited in the wild, they showed clear signs of memory corruption during testing. Developers noted that with sufficient effort, these vulnerabilities could be leveraged to crash the browser or facilitate more complex cyberattacks against unsuspecting users.
The security patches provided in this cycle extend beyond the standard browser to include Firefox ESR 140.7 and Thunderbird versions 140.7 and 147. This broad coverage ensures that enterprise environments and email clients remain protected against the same exploits found in the consumer browser. Specific issues addressed include use-after-free vulnerabilities in the inter-process communication system and integer overflows within the CanvasWebGL rendering engine.
The cluster of flaws identified in the WebGL and Canvas components underscores the persistent difficulty of securing high-performance web graphics. By neutralizing these threats through version 147, Mozilla continues to harden its software against increasingly modern browser-targeted threats. Users are advised to check their software settings to ensure the update has been applied, as these fixes represent a vital defense against potential remote code execution.
Source: Firefox 147 Released With Fixes for 16 Code Execution Vulnerabilities