Mozilla released Firefox 147 with fixes for 16 security vulnerabilities, including multiple high-severity sandbox escape issues and memory-safety flaws that could enable arbitrary code execution if exploited. Reported problem areas include the Graphics stack (notably WebGL/Canvas-related code paths), the Messaging System, IPC, and other core browser components; the fixes also apply to Firefox ESR 140.7 and Thunderbird ESR 140.7/147, with vendors urging users to update promptly given ongoing browser-targeted attack activity.
Public reporting highlights that several of the most serious issues involve bypassing Firefox’s isolation model via sandbox escapes in graphics and messaging components, alongside memory corruption bugs (including issues described as likely exploitable with sufficient effort). While no confirmed in-the-wild exploitation was reported in the coverage, the concentration of high-impact graphics-related vulnerabilities underscores continued risk in complex rendering surfaces such as WebGL and Canvas, reinforcing the need for rapid patch deployment across managed endpoints.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
By 2026-01-16, Google had started rolling out Chrome 144.0.7559.59/.60 for desktop, fixing 10 vulnerabilities. The update addressed high-severity issues in the V8 JavaScript engine and Blink rendering engine, and Google awarded $18,500 in bug bounties for six reported flaws.
On 2026-01-13, Mozilla released Firefox 147, Firefox ESR 140.7, and Thunderbird ESR 140.7/147 with fixes for 16 security vulnerabilities. The advisory said seven flaws were rated high severity, including sandbox-escape, graphics, IPC, DOM, networking, and memory-safety issues that could enable arbitrary code execution.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
techrepublic.com
Open sourcecybersecuritynews.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.