Firefox Introduces Free Built‑In VPN for Users in the US, France, Germany, and the UK
What Happened – Mozilla released Firefox 149 (March 24, 2026) with a native, free VPN that routes browser traffic through a proxy and provides 50 GB of monthly data for users in four launch markets. The service is positioned as a privacy‑first alternative to typical free VPNs.
Why It Matters for TPRM –
- A new data‑processing layer is added to a widely‑used third‑party application, creating a potential vector for data collection or leakage.
- Enterprises that mandate approved VPN solutions must reassess policy exceptions for a built‑in browser VPN.
- Mozilla’s privacy‑by‑design claims need verification against corporate data‑handling standards.
Who Is Affected – Consumer and enterprise users of the Firefox browser; organizations that rely on Firefox for web‑based SaaS access (tech, finance, healthcare, etc.).
Recommended Actions –
- Review Mozilla’s VPN data‑handling documentation and map it to your organization’s privacy controls.
- Test the VPN in a sandbox environment to confirm no unintended data exfiltration.
- Update vendor risk registers to note the new privacy feature and adjust acceptable‑use policies.
Technical Notes – The VPN operates as an in‑browser proxy, masking IP addresses and location. Initial rollout limits users to 50 GB/month in the United States, France, Germany, and the United Kingdom. No known CVEs are associated; the feature is a software addition rather than a vulnerability exploit. Source: Help Net Security