I-Firefox Community Forum

Hi, During some tests I found that FF 115.19.0esr can still execute arbitrary JS similarly to CVE-2024-4367. I’ve checked the versions and > 115.11esr should be patched. Any payload with ‘/JS’ taken from https://github.com/luigigubello/PayloadsAllThePDFs/tree/main will do. Since this is probably important – FontMatrix is *not* working (no JS), original PoC (https://codeanlabs.com/wp-content/uploads/2024/05/poc_generalized_CVE-2024-4367.pdf) is also *not* working. I also wasn’t able to call an external script and so far haven’t found any path to exploit it beyond an alertbox. However, it still bothers me a lot and I’d like to know whether it’s the correct, expected behavior with FF+pdf.js, is it a vulnerability, or maybe my browser was somehow corrupted or is using some other mechanism that’s not within your control (my settings? about:config?).

Steps to re-create: 1. Open file in notepad 2. Add ‘/OpenAction 99 0 R’ after ‘lang’ in ‘1 0 obj section’ 3. After ‘endobj’ add ‘99 0 obj <</Type /Action /S /JavaScript /JS (app.alert\(1\);)>>’ 4. Result – alertbox popping twice

Dear Sir,

Firefox is not working with Rabby Wallet and Metamask extensions.

It does no pop-up the window to see the transaction and sign it. Firefox 134.0.1 (64-bit). Windows 10 Home.

On Metamask at least I can click on the pinned extension and see the window. However it´s not the expected behavior, because it should open the pop-up automatically. With Rabby wallet it is impossible to proceed, even clicking on the extension icon.

Please fix it.

Firefox kicks me out! My Mac works like a charme without any hardware problems. But now my favorite browser (FF) quits support. I'm amazed that a project like Mozilla does not care about sustainability. Any update in the software world must take care concerning downward compatibility - otherwise you exclude former users/customers. So why is ESR for Macos 10.9 to 10.11 not supported anymore? There are millions of Core2Duo-machines, that Mozilla sends to the trash. I'm extremely disappointed!

Hi Mozilla Team / Community,

We understand that Firefox 115 ESR will receive security updates until at least version 115.27.0esr in August 2025.

We currently have a number of devices still running Windows 7 for legacy application reasons and rely on Firefox 115 ESR as it's the last version to support that OS.

We need to plan ahead, so could you please confirm:

Will Mozilla continue to support Windows 7 with Firefox 115 ESR updates until August 2025?

Or is support for Windows 7 ending sooner, even if 115 ESR itself continues?

Bank Accounts: I can no longer access my Bank accnts online. My Bank says they no longer support my current version (ESR) & I must upgrade in order to access accnts online. Don't know what to do.

Because the economy, inflation, and lower incomes are still a major problem, many users like myself need to continue using old computers that can only run Windows 7. So we need Firefox ESR 115 to continue being supported with updates for at least a couple more years.

I was on the ESR channel and after the recent updates to 142.01 or 141 the ESR is missing from the about Firefox. I had got the tab groups option a few updates back and liked it. This latest update changed how a tab group collapses, instead of showing only the tab group name and collapsing all the tabs it leaves one open wasting space when I have several other tabs open. At least I don't see any sign of the annoying AI junk getting in the way yet. I thought you had a choice to stay on the ESR channel according to this link and others. https://support.mozilla.org/en-US/kb/firefox-support-windows-10-end-support I'll probably be forced to update to Windows 11 to do my taxes next year but I thought at least I could stay on the ESR channel to avoid new features getting in the way.

So, as has been announced, FireFox 115 ESR will get updates until septempber 2025. This deadline has been extended multiple times. What factors are being taken in consideration when deciding whether to extend support again? With server 2008 updates you can get windows 7 up to date until 2026, sort of. Ending support in september would still be sad, because people too stubborn or not willing to upgrade probably still wont when support of firefox ends. I am a firefox on windows 7 user myself too, and it would be sad if they dropped support. Ill have to use a backported fork by the community

So thats my question, what factors matter in terms of extending 115 esr support again?

I've been a long time supporter of Firefox and it's taken me a few years get all the bugs out of Win 7 so I'm not going to repeat that on Win X. My Win7_64 water cooled platform is overclocked, stable, and just as fast as most affordable new chipsets from Intel. I have third party security apps and firewall. I'm not downgrading to Windows X whatever later version that is and I'm considering other browser options, if anybody has ideas?

Although I'm on the ESR channel, I've been using User Agent Switcher for a while, which seems to work well on most sites. I also notice DuckDuckgo browser claims to support Win 7. I will miss Firefox, but switching to a Win7 supported browser would be my first option, then Linux if I have to dump Windows 7 for something else.

Developers will moan and say switch to Win X with the favorite phrase 'Upgrade' when my experience has been the opposite, but what do others feel who are using older versions of Windows?

My MacOS is 10.13.6 (cannot go higher on this machine). Since update to 15.119.0esr, embedded map graphics are no longer showing. The map graphic sub-window instead shows "Sorry, we have no imagery here" in several places across the map. I am getting the same for multiple websites, including the location maps in Zillow.com . Google Maps works fine, and I think the problem is isolated to maps embedded in pages. Did not have this issue last week, prior to updating to 15.119.0esr. This is SO BAD that if it's not fixable, I want to revert to 15.118...

Glenn Schaffer Email removed for privacy

Chase stopped letting me sign into my account. They assert my laptop IOS browser is not supported. Chase wants me to download Firefox 128, but my “About Firefox” says my browser is up to date @ 115.30Oesr. I am afraid to download the version Chase is offering/demanding. So can you tell me if this is a legitimate app and why doesn’t Firefox offer it to me? My IOS is version 10.14.6

I am running Windows 11, with Firefox 97.0 ("Up To Date"), but the installer for the new 115 ESR does not work.

The installer (Firefox Setup 115.18.0.esr.exe) seems to think that my system is running Windows 7 and does not proceed.

thank you for your time & expertise:) Can you please help me understand what would happen if firefox stops supporting windows 7 users. Will i still be able to use the browser - just with less security? I will probably have to give up using a computer if I cant continue with Windows 7 so I'd even be prepared to pay an annual fee to keep the support going. Look forward to hearing from you, thanks Julie

Hello!

My 15 year old mac el capitan- 10.11.6 is in very good condition. Please do anything to make final update or let me pay privately to update this browser for chase bank and proton.me

Thanks for any response

Please forgive me if this already exists here (I suspect it does). Search tools did not yield what I was looking for.

TOPIC: Extended Support for Firefox 115 ESR

First, let me extend a hearty thank you to everyone on the Mozilla team and in the community that is continuing work on 115 ESR. This is helping a number of people that cannot upgrade for various reasons.

115 ESR is the last hope for many who are stuck on macOS 10.12-10.14 or Windows 7-8.1. While these systems are considered *very* out-of-date (users who are still on them are often chastised) they have a place. macOS for example, completely removed any and all support for 32-bit software as of macOS 10.15 ("Catalina"). I have encountered people with needs for 32-bit to run older apps and so they often keep a system running 10.14 ("Mojave").

Now, can old 32-bit configurations be kept around and isolated offline? Yes. But for some out there who cannot afford to upgrade, or cannot be with out specific 32-bit software, they would be forced offline completely (assuming they follow best security practices, which many do not). I have personally deployed 115 ESR on a number of systems to help people in this situation.

For the time being, ESR 115 is permitting these users to stay online with some degree of security, at least where web browsing is concerned.

QUESTION: Besides active user count, what other factors are keeping 115 ESR in active security-only support mode?