Mozilla Firefox ESR (pl)

by Mozillav140.11.0

Last updated Jun 8, 2026

Get the Firefox Extended Support Release or Rapid Release browser for comprehensive data security and data protection.

Install with winget

$ winget install --id Mozilla.Firefox.ESR.pl --exact --version 140.11.0

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Mozilla Firefox ESR (pl)

Mozilla Firefox ESR (pl) uses EXE (NSIS). The silent install switches are /S /PreventRebootRequired=true.

One-line silent install (x64, machine scope)

Firefox%20Setup%20140.11.0esr.exe /S /PreventRebootRequired=true

See the full silent install reference for Mozilla Firefox ESR (pl) →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v140.11.0

Architecture	Type	Scope	Download
x86	EXE NSIS	machine	Direct
x64	EXE NSIS	machine	Direct
arm64	EXE NSIS	machine	Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

25 known CVEs via NVD

medium5.3Patched in wingetCVE-2024-9398affects before 128.3.0Oct 1, 2024
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and T...
Vendor advisory
medium6.1Patched in wingetCVE-2024-9397affects before 128.3.0Oct 1, 2024
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Vendor advisory
high7.5Patched in wingetCVE-2024-9394affects before 115.16.0, 128.3.0Oct 1, 2024
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on deskto...
Vendor advisory
high7.5Patched in wingetCVE-2024-9393affects before 115.16.0, 128.3.0Oct 1, 2024
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop c...
Vendor advisory
critical9.8Patched in wingetCVE-2024-8387affects v128.1Sep 3, 2024
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox <...
Vendor advisory
medium6.1Patched in wingetCVE-2024-8386affects before 128.2Sep 3, 2024
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
Vendor advisory
critical9.8Patched in wingetCVE-2024-8385affects before 128.2Sep 3, 2024
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
Vendor advisory
critical9.8Patched in wingetCVE-2024-8384affects before 115.15, 128.2Sep 3, 2024
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunde...
Vendor advisory

Showing 8 of 25. Source: NVD, updated 1h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

Mozilla Firefox (en-US)Mozilla
Mozilla.Firefoxv151.0.4
Mozilla Firefox is free and open source software, built by a community of thousands from all over the world.
I
IceCatMozilla
Icecat.Icecatv115.24.0
The GNU version of the Firefox browser
Mozilla Firefox (pt-PT)Mozilla
Mozilla.Firefox.pt-PTv151.0.4
Mozilla Firefox is free and open source software, built by a community of thousands from all over the world.
Mozilla Firefox (MSIX) NightlyMozilla
Mozilla.Firefox.Nightly.MSIXv153.2606.1108.0
Firefox browser nightly builds
Mozilla Firefox (zh-TW)Mozilla
Mozilla.Firefox.zh-TWv151.0.4
Mozilla Firefox is free and open source software, built by a community of thousands from all over the world.
Mozilla Firefox (te)Mozilla
Mozilla.Firefox.tev151.0.4
Mozilla Firefox is free and open source software, built by a community of thousands from all over the world.

More from Mozilla or browse browser, cross-platform, foss.

Frequently asked questions

How do I install Mozilla Firefox ESR (pl) on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id Mozilla.Firefox.ESR.pl --exact --version 140.11.0. winget downloads the installer from Mozilla and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Mozilla Firefox ESR (pl) silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id Mozilla.Firefox.ESR.pl --exact 140.11.0 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Mozilla Firefox ESR (pl)?

Mozilla Firefox ESR (pl) uses EXE (NSIS). Run the downloaded installer with: Firefox%20Setup%20140.11.0esr.exe /S /PreventRebootRequired=true. The silent switches are /S /PreventRebootRequired=true.

How do I uninstall Mozilla Firefox ESR (pl) via winget?

Run: winget uninstall --id Mozilla.Firefox.ESR.pl --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Mozilla Firefox ESR (pl)'s Apps & Features entry.

Is Mozilla Firefox ESR (pl) free?

Mozilla Firefox ESR (pl) is distributed under MPL-2.0. Refer to the publisher (https://www.mozilla.org/firefox/enterprise/) for the full license terms - Wingetly itself does not charge for installation.

Does Mozilla Firefox ESR (pl) work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Mozilla Firefox ESR (pl) directly from the publisher.

How do I keep Mozilla Firefox ESR (pl) up to date?

Run winget upgrade --id Mozilla.Firefox.ESR.pl --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of Mozilla Firefox ESR (pl) from microsoft/winget-pkgs.

Recent versions

140.11.0latest
140.10.2
140.10.1
140.10.0
140.9.1
140.9.0
140.8.0
140.7.1
140.7.0
140.6.0