X
Tap here to go to the mobile version of the site.

Support Forum

Will Firefox ESR v48.x for OSX 10.8 and below be patched for Apple's chip vulnerability?

Posted

I recently upgraded my older MacBook to 10.7.5 and was happy to hear that Firefox ESR v48.x would work as a modern browser. Two days later the Spectre/Meltdown vulnerability was released. I understand that support has ended for ESR v48.x but would like to know if Mozilla has any plans to release a security patch to protect our older Mac's?

I recently upgraded my older MacBook to 10.7.5 and was happy to hear that Firefox ESR v48.x would work as a modern browser. Two days later the Spectre/Meltdown vulnerability was released. I understand that support has ended for ESR v48.x but would like to know if Mozilla has any plans to release a security patch to protect our older Mac's?

Chosen solution

There was no 48 ESR; there was 45 ESR then 52 ESR.

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

Firefox 52 ESR does not support SharedArrayBuffer and is less at risk; the performance.now() mitigations will be included in the regularly scheduled Firefox 52.6 ESR release on January 23, 2018.

Read this answer in context 1

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

More Information

Mkll 309 solutions 1956 answers

Hello, this will not be patched as Firefox 48 ESR is no longer supported. If this answered your question, mark as solution.

Hello, this will not be patched as Firefox 48 ESR is no longer supported. If this answered your question, mark as solution.
the-edmeister
  • Top 10 Contributor
  • Moderator
5273 solutions 39051 answers

Chosen Solution

There was no 48 ESR; there was 45 ESR then 52 ESR.

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

Firefox 52 ESR does not support SharedArrayBuffer and is less at risk; the performance.now() mitigations will be included in the regularly scheduled Firefox 52.6 ESR release on January 23, 2018.

There was no 48 ESR; there was 45 ESR then 52 ESR. https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ '''Firefox 52 ESR does not support SharedArrayBuffer and is less at risk; the performance.now() mitigations will be included in the regularly scheduled Firefox 52.6 ESR release on January 23, 2018.'''

Question owner

Thank you. Evidently I was confusing ESR versions with Firefox versions. The version I am using is Firefox ESR version 45.8.

Seems there will be no more security updates so I will finally have to migrate away from Firefox. Version 45.9 ESR is the last supported under OSX 10.7.5.

Thank you. Evidently I was confusing ESR versions with Firefox versions. The version I am using is Firefox ESR version 45.8. Seems there will be no more security updates so I will finally have to migrate away from Firefox. Version 45.9 ESR is the last supported under OSX 10.7.5.