Except where noted, everything here applies to both Firefox 93 and the Firefox 91.2 ESR.

General

• Firefox now protects against insecure downloads by blocking downloads relying on insecure connections. For more information, see bug 1685479. If you need to change this behavior, you can modify the preference dom.block_download_insecure via policy. This only applies to Firefox 93.

• TLS ciphersuites that use 3DES have been disabled. Such ciphersuites can only be enabled when deprecated versions of TLS are also enabled. For more information, see bug 1724072. This only applies to Firefox 93.

Bug fixes

• The Mozilla VPN offer no longer shows on the private browsing page when policies are enabled.

Policies

• The SanitizeOnShutdown (All) policy was not properly honoring a false value.

• The Preferences policy has been updated to allow setting the preference security.tls.enable_0rtt_data. This change was also made to the Firefox 78 ESR.

Special Notes

• The Firefox 78 ESR is the last version of Firefox that supports Flash. The last version of that ESR will be 78.15 which is scheduled to be released on 2021-10-05. This means that Flash will officially be out of support on Firefox when the Firefox 78 ESR reaches EOL on 2021-11-02.

• The Firefox 78 ESR is the last version of Firefox that supports macOS versions < 10.12.