Firefox 151 Patches Sandbox Escape Bug, Adds Major Privacy Upgrades

Mozilla has released Firefox 151.0, a security and privacy update that patches a critical sandbox escape vulnerability and introduces several meaningful privacy improvements. The update addresses CVE-2026-8953, a use-after-free bug in the Disability Access APIs component that could allow an attacker to escape the browser's sandbox. While no in-the-wild exploitation has been reported, such memory corruption flaws are often chained with other exploits to achieve full system compromise.

On the privacy front, Firefox 151 introduces an "end private session" button that clears all private browsing data—history, cookies, cached files, and other site data—without requiring users to close every private window. This reduces the risk of leaving traces behind when switching between private and normal browsing. The feature is accessible via a fire-icon button next to the address bar.

Another key privacy enhancement is stronger anti-fingerprinting protection in the default "Standard" Enhanced Tracking Protection (ETP) mode. Mozilla says the new measures reduce the number of uniquely identifiable users by about 14% overall, and by roughly 49% on macOS. This makes it harder for trackers to single out users based on device and browser characteristics.

Firefox 151 also rolls out local network access restrictions to all users by default. When a website attempts to communicate with devices on the user's local network or with local applications, Firefox now prompts for permission. This feature was previously limited to Strict ETP mode and aligns with similar prompts in Chrome and Edge.

The update is available now. Users can update by navigating to Help > About Firefox in the menu. Mozilla notes that some features are part of a progressive rollout, so not all users may see them immediately.