Mozilla has rolled out Firefox 147, bringing a mix of user-facing improvements, under-the-hood performance tweaks, and a sizable batch of security fixes. One of the headline changes is the adoption of Safe Browsing v5, which significantly improves privacy by cutting down on cloud-based URL checks. Instead of sending visited addresses to a remote service, Firefox now relies on a frequently updated local database of known malicious and fraudulent sites, reducing data exposure while maintaining protection.
Another notable upgrade affects picture-in-picture (PiP) video playback. Firefox can now automatically switch a video into PiP mode when you move away from its tab, then seamlessly return it to normal playback when you switch back. This behavior mirrors what users may already be familiar with on platforms like YouTube, but it’s now a browser-level feature. Mozilla has also improved video playback performance on AMD GPUs, bringing them in line with Intel and Nvidia graphics hardware.
On the security front, Mozilla’s Security Advisory 2026-01 details at least 16 fixed vulnerabilities in Firefox 147. Six externally reported flaws were rated high risk, with four involving potential sandbox escapes that could allow attackers to inject and execute code on a system. Mozilla says there’s no evidence of these vulnerabilities being exploited in the wild. Two additional CVEs—CVE-2026-0891 and CVE-2026-0892—cover multiple internally discovered issues affecting Firefox, Firefox ESR, and Thunderbird, with risk levels ranging from medium to high.
Alongside the main release, Mozilla has issued Firefox ESR 140.7.0 and ESR 115.32.0, the latter specifically for legacy platforms such as Windows 7, Windows 8.1, and macOS 10.12 through 10.14. These extended support releases include the same critical security fixes. Mozilla is expected to release Firefox 148 on February 24, at which point it will once again face the decision of whether to further extend support for Firefox 115 on older operating systems.
The update cycle also extends to privacy-focused browsers and email clients. Tor Browser 15.0.4, based on Firefox ESR 140.7, and Tor Browser 13.5.27, based on ESR 115.32, are now available, both shipping with NoScript 13.5.7. Thunderbird has likewise been updated to 147.0 and 140.7.0esr, addressing security issues inherited from Firefox’s codebase.