Protect.Computer
NEWS

Mozilla releases Firefox 149 and ESR updates fixing dozens of security flaws

· 1 min read · Device safety Malicious byte
Mozilla releases Firefox 149 and ESR updates fixing dozens of security flaws

Photo by protect.computer (custom explainer graphic) on protect.computer

What happened

Mozilla published a major browser security update cycle on March 24, 2026, including:

  • Firefox 149
  • Firefox ESR 115.34
  • Firefox ESR 140.9
  • Matching Thunderbird updates

The advisories list a large number of fixed vulnerabilities, including multiple high-impact memory-safety issues and sandbox-escape bugs. In plain language: older browser versions may be easier for attackers to abuse via malicious web content.

Mozilla’s own advisories do not claim broad in-the-wild exploitation for every issue, but the bug classes involved (memory corruption and sandbox escapes) are exactly the kind defenders should patch quickly.

Why this matters

Web browsers are one of the most exposed apps on most computers. Even careful users can get hit by a compromised ad, malicious site, or booby-trapped page.

When a release fixes this many browser security issues at once, delaying updates increases unnecessary risk—especially for people on shared or work devices.

How to check if you’re affected

You are likely affected if your browser is older than:

  • Firefox 149
  • Firefox ESR 115.34
  • Firefox ESR 140.9

Quick check steps

  1. In Firefox, open menu → HelpAbout Firefox.
  2. Confirm your version is at least one of the fixed versions above.
  3. Let Firefox finish updating and restart the browser.
  4. If you manage a fleet, verify policy-managed ESR channels also reached patched builds.

Immediate defensive actions

  • Update Firefox and Firefox ESR endpoints as a priority patch.
  • Restart browsers after update (don’t postpone restart prompts).
  • For managed environments, confirm update compliance via endpoint tooling.
  • Remind users not to ignore browser update prompts this week.

Sources

Bottom line

If Firefox is part of your daily workflow, update now. This is a broad security-fix release, and fast patching is the simplest way to reduce browser-based attack risk.

Related reading

News
Google Chrome 146.0.7680.80 security update fixes high-risk desktop browser bugs

Google released Chrome 146.0.7680.80 for Windows, macOS, and Linux with security fixes. Users should update promptly to reduce browser exploit risk.

News
Google patches CVE-2026-5281, the fourth actively exploited Chrome zero-day of 2026

Google released Chrome 146.0.7680.177/178 to fix CVE-2026-5281, a high-severity Dawn use-after-free vulnerability with confirmed in-the-wild exploitation.

News
Citrix patches critical NetScaler bleed-like flaws (CVE-2026-3055, CVE-2026-4368)

Citrix released urgent fixes for two NetScaler vulnerabilities, including CVE-2026-3055, a critical memory overread that can expose sensitive data on specific SAML IdP deployments.

News
Gigabyte Control Center flaw can allow remote file writes when pairing is enabled (CVE-2026-4415)

TWCERT/CC and NVD list CVE-2026-4415 in Gigabyte Control Center: unauthenticated remote file write when pairing is enabled, with potential code execution or privilege escalation.