Chrome, Firefox & Thunderbird: New versions fix vulnerabilities
Fresh browser and mail client releases from Google and Mozilla eliminate vulnerabilities, some of which are very serious.
(Image: Artur Szczybylo/Shutterstock.com)
The new version 141 of Mozilla's Firefox browser is here and comes with security fixes. Mozilla has also made security improvements to the ESR versions (Extended Support Releases) in the form of the secure versions ESR 115.26, ESR 128.13, and ESR 140.1. The same applies to the Thunderbird mail client, which is now also available in version 141 as well as in the fixed ESR versions 128.13 and 140.1.
The most dangerous of the closed security vulnerabilities have been rated as “High”; there are no classifications as “Critical”. A warning from the German Federal Office for Information Security (BSI) briefly summarizes the threats. According to this, some vulnerabilities could be exploited remotely under certain conditions, for example, to execute program code in the context of the software, cause denial-of-service states, or gain access to sensitive data.
Anyone interested in more details on vulnerabilities can find them in Mozilla's advisories for the respective new versions.
The new features in Firefox 141 include an AI assistant for tab organization, better customizability of the vertical table bar, and various optimizations for reduced RAM requirements. We have dedicated a separate report to the details:
- Updating Firefox - how to do it (heise tips+tricks)
- Updating Thunderbird - this is how it works (heise tips+tricks)
Chrome: Two high-risk vulnerabilities fixed
Yesterday, Tuesday, a so-called stable channel update was released for Google's Chrome browser to versions 138.0.7204.168/.169 (Windows, macOS) and 138.0.7204.168 (Linux).
As usual, Google's update announcement is sparing with details on the closed security gaps. The intention is to allow users enough time to apply the available updates instead of causing unnecessary attack risks.
The company states that it has made a total of three security fixes. Two gaps with a “high” rating (CVE-2025-8010, CVE-2025-8011) have been closed. “A remote, anonymous attacker can exploit multiple vulnerabilities in Google Chrome to execute arbitrary program code,” explains a BSI publication in this regard.
To check whether Chrome is already up to date, users can call up the version dialog. They can do this by clicking on the icon with the three stacked dots to the right of the address bar and then clicking on “Help” and then “About Google Chrome”. This may also trigger the update process if the browser is out of date.
(Image:Â heise online / Screenshot)
On other platforms, the app stores or, under Linux, for example, the distribution-specific software management are responsible for updating. As the Chromium code forms the basis for other web browsers, such as Microsoft's Edge, these are also likely to distribute updated versions in the near future. Users should then install these quickly.
(ovw)
