patchletter

The current version of Firefox ESR is 140.12.0esr (as of 08/07/2026).

Firefox ESR

Mozilla · current 140.12.0esr

Actively exploited vulnerabilities

The US cybersecurity agency CISA lists this vulnerability in its catalog of Known Exploited Vulnerabilities. Check your version and patch or mitigate promptly.

  • CVE-2016-9079Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability

Source: CISA KEV. The CVE is matched to the product automatically — when in doubt, the linked NVD entry applies.

Firefox ESR at a glance

Firefox ESR (Extended Support Release) is the slow-cadence build of Firefox for organizations that need stability — feature changes land only about once a year, while security fixes arrive continuously via minor releases.

For admins ESR is the pragmatic choice where frequent feature jumps would disrupt users or embedded workflows. Security updates within an ESR line are low-risk and should be applied promptly (browsers are a top attack surface). The annual major-version bump to the next ESR is the point that warrants testing of extensions and enterprise policies. Manage it via policies.json/ADMX like regular Firefox. Watch the overlap window when an ESR line reaches end of life so you migrate before support stops.

Release history · as detected by patchletter

VersionChannelDateNotes
140.12.0esrLTS08/07/2026

Never miss a Firefox ESR update

We check the source daily and email you — instantly or as a digest. Free, one-click unsubscribe.

Watch Firefox ESR

Related tools in Browsers & Clients