https://support.mozilla.org/en-US/kb/firefox-users-macos-1012-1013-1014-moving-to-extended-support

Firefox 116.0 to the current Fx 151.0.2 Release and Fx 140.11.0esr requires macOS 10.15 (ten.fifteen) at minimum to run.

The older Firefox 115 ESR including the Fx 115.36.0esr is based on the old Firefox 115 Release with security/stability fixes since. The last planned update is Fx 115.39.0esr 9August 18) unless Mozilla decides to extend updates yet again before then.

If you can update your macOS to 10.15 or later then you can run current Firefox versions.

You can try to change your Firefox version number to fool sites like bank sites that say your Firefox is outdated..

• In a new tab, type or paste about:config (with a colon) in the location (address) bar and press Enter/Return. Click the button accepting the risk.
• In the search box in the page, type or paste forceVersion and pause while the list is filtered
• Double-click the network.http.useragent.forceVersion preference to display an editing field, and change the value to 128 or 140 then press Enter/Return or click the blue check mark button to save the change.

Yeah I don't think anyone's ever going to be able to verify there's not an extra line snuck in there somewhere phoning home all the keystrokes or passwords, given the size:

"aobaharuki2005/momiji-web-browser forked from Wowfunhappy/firefox-dynasty — This branch is 71964 commits ahead of and 36343 commits behind Wowfunhappy/firefox-dynasty:central"

It looks like a fun engineering feat and is definitely interesting in itself, however bases off of a fork network that has one of the origins deleted, one of the reasons might have been copyright infringement back in the day. So it's all kinda built atop shaky foundations.

Lot of these fun forks are maintained by a single or a handful of individuals (if I wanted to be snarky I'd add hailing from from authoritarian communist countries, to put in some context regarding trust, security and privacy), and I don't believe all the Windows 7 and legacy Mac users are enough of a peer review to make sure the app is still safe and secure, both on the patched source level, as well as the built binaries.

So your instinct is correct here, to be cautious in the first place, as relying on such app for day to day browsing (finance, health, logins, payment credentials…) sounds completely crazy from today's perspective.

If you're not planning to upgrade your Mojave (yeah it was one of the best back in the day, I understand…) then you'll probably get a few more months out of official ESR 115 support lifecycle — and can try masquerading for the couple of sites that deem that as too old: https://support.mozilla.org/questions/1582867 — either via editing prefs directly, or employing an add-on to give some flexibility and visibility into the values spoofed.

Thanks for all the replies. So upgrading to MacOS 10.15 (Catalina) would likely solve these problems (at least for now). Unfortunately I still run several old 32-bit apps so it's not straightforward to upgrade. I believe there are virtual OS apps out there which would let me run the occasional 32-bit apps with an older MacOS version of my choice within the actual 64-bit only MacOS 10.15, but I find it complicated and time consuming to figure out and haven't gotten round to fully trying it out. But that may be a solution in the long run. I may however be able to upgrade one of our Macs from 10.14 to 10.15, but need to look into all the software, drivers etc. to be sure I won't end up with essential apps that can't be used (nor upgraded)

Excellent suggestion about changing the network.http.useragent.forceVersion parameter from the default 0 to 128 or 140! Alas it didn't help with the sites I had problems logging into. I also tried the UAswitcher and Chrome-Mask add-ons, unfortunately also to no avail. Finally I created a brand new user-profile in Firefox (going to about:profiles in the URL field) just to ensure that none of my other add-ons or custom parameters were the reason for my problems. Still no go. I'll probably need to ask the online services in question what their system requirements are and take it from there. Seems there's more to it than just spoofing the browser version.

Regarding Momiji, Pale Moon and similar forks off the official Firefox: actually Momiji worked with the site I had problems with using the normal Firefox (115.36.0esr), but if I understand correctly it's a safety risk and I should perhaps stop using it immediately? Is there a way to find out if I haven't already been compromised by using it?

I conclude from what has been said here that I would be making the best choice by immediately reverting to the latest official Firefox I can use on my OS (i.e. 115.36.0esr for MacOS 10.14), then figure out which add-ons and/or custom configurations I can apply in order to allow access to websites normally telling me "Your browser is no longer compatible with this website".

Yes, at this point Catalina similarly to W10 altough end–of–life will be getting Firefox releases for the foreseeable future, as there are no immediate plans or platform/API reasons to drop support — and if there were, there would still be an ESR cycle that would give about a year of critical support from that point on, so there's plenty of cycles ahead for macOS 10.15 releases;)

I'm not familiar with your 32bit software compatibility, but I'd personally look into virtualization, getting something running way more modern at that point, at least Monterey (even OCLP) and THEN having a VM with 10.14 to just run what's necessary.

Using the forks for checking what's today's special at the sandwich place down the road is probably fine. But I wouldn't put any credentials in it TBH. I don't believe any of the kids are actually putting anything malicious in, but… how you'd verify that? Or if you trust the download now, how you'd validate any updates? Or that the downloads are genuine, given the binaries are not even signed so depending on where you're getting them from… do you trust the source? etc. In the era we're living in the patches to enable all that legacy while being an interesting engineering feat are still just peer–unreviewed shims, without security assurance, fuzzing, access to supply chain security info etc. that critical pieces of SW like our day–to–day browsers need to be scrutinized for — they are just super–glued together… and you have to take the anonymous student's word for it that the way they slap together the three or more disjunct branches (based on their selection criteria) with some ad–hoc ductape on top is the safe way to access your bank or pay healthcare bills…

I mean… if you need that to play a fun online game or check a web platform rendering feature not available sooner… go for it;)

The issue with useragent.forceVersion on ESR 115 is a compatibility tweak that was in place during that time, that even with the product version artificially inflated it can still be told the actual engine is old, because it's got a fixed value:/

But the cloaking addons are surprising, would have expected better results :[

I'm wondering what kind of sites you're not successful in fooling, as they'd need to really want to find out what's the browser underneath… (yes, there's platform/API support matrix that can tell a lot; also some of the cryptographic signatures when analyzed for malicious traffic patterns can be uncovered as not being genuine for the versions claimed etc. … but that's some serious effort to be able to tell…)