On April 29, 2025, Mozilla unveiled Firefox 138, a significant update that addresses multiple high-severity security vulnerabilities and introduces a robust profile management system. This release underscores Mozilla’s commitment to user security and personalized browsing experiences.
Addressing Critical Security Vulnerabilities
The latest version of Firefox resolves several critical security flaws that could have been exploited by malicious actors:
– Privilege Escalation via Update Mechanism (CVE-2025-2817): Security researcher Dong-uk Kim identified a vulnerability where medium-integrity user processes could interfere with SYSTEM-level updaters by manipulating file-locking behavior. This flaw allowed attackers to bypass access controls, enabling SYSTEM-level file operations on paths controlled by non-privileged users, potentially leading to privilege escalation.
– WebGL Shader Attribute Memory Corruption on macOS (CVE-2025-4082): A memory corruption issue in WebGL shader attributes could trigger out-of-bounds reads. When combined with other vulnerabilities, this flaw could be exploited to escalate privileges on macOS systems.
– Process Isolation Bypass Using URI Links (CVE-2025-4083): Reported by Nika Layzell, this vulnerability involved improper handling of `javascript:` URIs in cross-origin frames. It allowed content to execute in the top-level document’s process instead of the intended frame, potentially enabling sandbox escapes.
– Memory Safety Bugs (CVE-2025-4092): These bugs showed evidence of memory corruption and could potentially be exploited to run arbitrary code.
The Center for Internet Security (CIS) has rated these vulnerabilities as high-risk for government and business entities. While there are currently no reports of these vulnerabilities being exploited in the wild, users are strongly advised to update their browsers promptly to mitigate potential risks.
Introducing Enhanced Profile Management
Beyond security enhancements, Firefox 138 introduces a much-anticipated profile management feature, allowing users to create separate profiles to compartmentalize their browsing activities. This functionality enables users to maintain distinct sets of bookmarks, tabs, passwords, and browsing histories for different contexts, such as work, personal use, or specific projects.
The profile management feature is being rolled out gradually. Users eager to access it immediately can enable it by toggling the `browser.profiles.enabled` preference in the `about:config` settings.
Additional Enhancements in Firefox 138
Mozilla’s commitment to improving user experience and security is evident in the following updates:
– Tab Groups: A new way for users to organize and manage their tabs, enhancing productivity and reducing clutter.
– Acrylic-Style Menus for Windows 11: Popup windows now feature acrylic-style menus, aligning with the aesthetic of Windows 11 and providing a more cohesive user interface.
– Improved Autofill Experience: The address and credit card autofill functionality has been refined to better handle forms that update dynamically as users input information, ensuring a smoother and more accurate autofill process.
– Support for Import Map Integrity Field: This addition allows users to ensure the integrity of dynamically or statically imported modules, enhancing security and reliability in web development.
– Implementation of `Error.isError`: This feature enables brand checks to determine whether an object is an instance of `Error`, improving error handling and debugging processes.
– Support for `error.captureStackTrace`: This extension enhances compatibility with other browsers by providing a standardized method for capturing stack traces, aiding in debugging and error analysis.
– Network Panel Enhancements: A new column has been added to the Network panel to display the full path of the request URL, providing developers with more detailed insights into network requests.
– Uniform User Agent Style for `
