Mozilla pushed Firefox 143 to the stable channel this week, packing the browser with new AI sidebar providers, Windows taskbar web‑app pinning, and — most critically — patches for at least two high‑risk vulnerabilities that could let attackers escape the browser sandbox. The release also begins rolling out Google Lens visual search and long‑requested accessibility upgrades, but the security fixes demand immediate attention from both home users and IT administrators.

What Actually Changed in Firefox 143

AI Sidebar Gains Microsoft Copilot

The browser’s AI sidebar, introduced in version 142, now lists Microsoft Copilot alongside ChatGPT, Google Gemini, Anthropic Claude, and Le Chat Mistral. Practically, it’s a web‑surface container: Copilot’s standard chat interface loads inside the sidebar, meaning all queries, uploaded images, and documents are processed on Microsoft’s servers. The sidebar does not run local models or automatically summarize pages without explicit sharing.

Google Lens Visual Search (Gradual Rollout)

Firefox 143 adds an option to perform Google Lens reverse‑image searches from the context menu. There are two important catches: you must have Google set as your default search engine, and the feature is rolling out progressively to users. If you don’t see it yet, advanced users can force‑enable it via about:config:

  1. Type about:config in the address bar and accept the risk warning.
  2. Search for browser.search.visualSearch.featureGate.
  3. Double‑click the preference to toggle it to true.

The change takes effect immediately. After that, right‑clicking an image should show “Search image with Google Lens.” Remember that this sends the image to Google’s servers, so treat it like any cloud‑based visual search.

Pin Websites as Windows Taskbar Apps

One of the most tangible additions for Windows users: Firefox can now pin any website to the taskbar, opening it in a streamlined, app‑like window with its own icon. Unlike some Chromium “SSB” implementations, Firefox keeps your extensions and profile context intact inside pinned apps. Look for a new pin icon on the right side of the address bar. The feature is currently exclusive to the standard desktop installer — Firefox installed from the Microsoft Store won’t offer pinning due to MSIX packaging limitations.

Accessibility and Media Updates

  • Windows UI Automation is being enabled as an option for assistive technologies like Narrator, Voice Access, and the Text Cursor Indicator. Mozilla is rolling this out over the coming weeks.
  • Camera preview: When a site requests camera access, a live preview now appears in the permission dialog so you can confirm the correct camera.
  • xHE‑AAC playback: Added on Windows 11 (22H2+), macOS, and Android 9+, improving compatibility with modern streaming services.
  • Drag‑to‑pin tabs: You can now pin tabs by dragging them to the top of the tab bar.
  • Auto‑delete Private Browsing downloads: An option to automatically clear downloads when the private session ends.
  • Important dates in the address bar: In some locales, Firefox will surface reminders for holidays like Mother’s Day or Easter as address bar suggestions.

Security Fixes: The Urgent Reason to Update

Mozilla’s Security Advisory 2025‑73 documents at least 11 resolved vulnerabilities. Two externally reported flaws in the Canvas2D graphics component (CVE‑2025‑10527 and CVE‑2025‑10528) are rated high severity — they could allow malicious code to break out of the browser’s sandbox. Another high‑risk entry (CVE‑2025‑10537) covers multiple internally discovered memory safety bugs that could lead to arbitrary code execution. The remaining issues range from medium to low risk.

What These Changes Mean for You

For everyday users: The security patches are the headline. Update immediately to close those sandbox‑escape holes. After updating, you’ll find Copilot in the sidebar if you want it; otherwise, you can hide or disable the AI panel entirely. Google Lens, once enabled, lets you search by image directly without leaving the browser. Web‑app pinning can reduce tab clutter for services you use constantly — just pin Gmail, Outlook, or your company dashboard to the taskbar.

For power users: You have granular control. Use about:config to toggle experimental features like Lens or to disable AI providers (browser.ml.enable, browser.ml.chat.enabled, etc.). Experiment with pinned web apps to see if extension‑preserving behavior fits your workflow. Test xHE‑AAC playback on streaming services that use the codec. And if you want to avoid any AI integration, set the relevant browser.ml.* preferences to false.

For IT administrators: The high‑risk sandbox bugs make this a priority patch. Deploy Firefox 143 across managed fleets as soon as you’ve tested critical extensions and enterprise policies. The AI sidebar introduces a data‑leakage risk — Copilot and Lens send data to third‑party clouds. Use Firefox’s administrative policies to disable AI features if your compliance rules prohibit such external sharing. Educate employees not to paste proprietary information into AI chatbots or upload internal documents to visual search tools. Note that the Microsoft Store build lacks web‑app pinning; if your org relies on that packaging, plan accordingly.

How We Got Here: Firefox’s Feature Catch‑Up

Firefox has been on a brisk release cadence, with versions 140 through 143 emphasizing parity with Chromium‑based browsers while keeping Mozilla’s privacy‑first ethos. The AI sidebar debuted in Firefox 142, hosting multiple chatbot providers rather than a single baked‑in assistant. Meanwhile, rival browsers already offered visual search (Chrome’s Lens, Edge’s Bing‑powered image search) and taskbar web‑app support. Firefox 143 closes several of those gaps: it adds web‑app pinning, brings Copilot into the multi‑vendor AI panel, and finally delivers Google Lens — albeit gated by search engine choice and a gradual rollout.

Mozilla has also been steadily improving accessibility. The UI Automation integration has been in testing for several releases, and this version makes it generally available to assistive technology users on Windows. Media parity gets a boost with xHE‑AAC support, addressing a concrete streaming‑compatibility gap on Windows 11.

What to Do Now: Update, Configure, and Lock Down

  1. Update immediately. Open the menu → Help → About Firefox to trigger the 143 update. Managed endpoints should follow your established deployment pipeline.
  2. Decide what to do with AI. If you use Copilot, it’s just a sidebar tab away. If you don’t want it, right‑click the sidebar and hide the AI panel, or head to about:config and set browser.ml.chat.enabled to false.
  3. Enable Google Lens if desired. Set Google as your default search engine, then check the context menu on images. If the option is missing, toggle browser.search.visualSearch.featureGate to true in about:config.
  4. Pin your most‑used web apps. On the standard Windows installer, find the pin icon in the address bar and create taskbar shortcuts for email, calendars, or work dashboards.
  5. Review enterprise policies. If you manage Firefox via Group Policy or policies.json, look for any new policies that control AI features (check AI or FirefoxSuggest categories) and lock them down if needed.
  6. Communicate privacy risks to users. Remind teams that queries to Copilot or Lens are processed on third‑party servers — not locally.

What to Watch Next

Firefox 144 is slated for October 14, 2025, and will likely bring more platform support tweaks (including raising minimum Android versions and ending some 32‑bit builds). Mozilla has indicated that web‑app pinning will eventually reach Linux and macOS. The AI sidebar will probably see more providers and tighter OS integration in future releases, but Mozilla has shown no inclination to abandon its external‑surface approach. Keep an eye on the rapid release notes for incremental improvements to Lens, accessibility, and media codecs.

For now, Firefox 143 is a pragmatic update: it hands users long‑requested conveniences while quietly patching the sandbox. The biggest headline isn’t a shiny new feature — it’s the vulnerabilities that should have you hitting “Restart to update Firefox” right now.