Mozilla has released Firefox 147 to the stable channel, introducing enhanced web security via Safe Browsing V5, improved video playback on AMD GPUs, native WebGPU support for Apple Silicon Macs, and patches for multiple high-impact vulnerabilities.
Privacy and security upgrades
A key highlight of this release is Firefox’s migration from Safe Browsing V4 to V5, aligning the browser with Google's latest phishing and malware defense protocol. Safe Browsing V5 introduces a “local list mode“, where the browser maintains a local, privacy-respecting cache of threat indicators and only performs remote lookups when absolutely necessary. This approach helps minimize user data exposure while ensuring near real-time protection against rapidly emerging threats, such as phishing sites and malware-laden URLs.
Unlike V4's allow-by-default model, the new version defaults to check-by-default, enabling faster detection and blocking of malicious content. Firefox also gains access to Google's Global Cache, a curated list of benign sites that helps reduce unnecessary remote lookups. This is a privacy-enhancing shift ensuring that most security checks are done locally, and only anonymized hash prefixes are sent for verification when needed.
The V5 protocol also supports Oblivious HTTP, a privacy-enhancing feature that hides users' IP addresses from Google by routing requests through a non-colluding third-party relay.
Users with Enhanced Tracking Protection (ETP) set to “Strict” will see a new privacy enhancement in Firefox 147, where local network access restrictions are now enabled by default. This means websites will no longer be able to access devices on your local network, such as printers or routers, unless explicitly granted permission by the user. This helps prevent abuse scenarios where public websites attempt to scan or exploit devices inside a user’s home or office network.
Improved performance and hardware support
Firefox 147 also delivers several notable performance updates. Most notably, WebGPU is now enabled on Apple Silicon Macs, significantly enhancing graphics performance for web applications using GPU acceleration.
Zero-copy hardware video decoding is now also available on systems with AMD graphics cards, improving playback smoothness and resource efficiency. This update brings AMD systems in line with existing support for Intel and NVIDIA GPUs.
15 vulnerabilities fixed
Firefox 147 resolves 15 security vulnerabilities, including multiple high-severity flaws that could have allowed sandbox escapes, use-after-free bugs, and memory corruption leading to arbitrary code execution. Noteworthy issues patched in this release include:
- CVE-2026-0878 to CVE-2026-0880: Multiple graphics component vulnerabilities that could enable sandbox escapes via boundary condition errors and integer overflows, reported by Oskar L.
- CVE-2026-0882: A use-after-free flaw in the IPC (Inter-Process Communication) component, with potential for high-impact exploitation.
- CVE-2026-0887: A clickjacking and information disclosure bug in Firefox’s built-in PDF viewer, reported by Lyra Rebane.
- CVE-2026-0891 and CVE-2026-0892: Memory safety issues identified by Mozilla’s internal fuzzing teams, presumed exploitable under certain conditions.
Firefox users should update to version 147.0 as soon as possible to benefit from the latest security fixes and Safe Browsing improvements. The browser should update automatically, but users can also check for updates manually via the “About Firefox” menu.
Leave a Reply