Will Firefox ESR v48.x for OSX 10.8 and below be patched for Apple's chip vulnerability?
I recently upgraded my older MacBook to 10.7.5 and was happy to hear that Firefox ESR v48.x would work as a modern browser. Two days later the Spectre/Meltdown vulnerability was released. I understand that support has ended for ESR v48.x but would like to know if Mozilla has any plans to release a security patch to protect our older Mac's?
Réiteach roghnaithe
There was no 48 ESR; there was 45 ESR then 52 ESR.
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
Firefox 52 ESR does not support SharedArrayBuffer and is less at risk; the performance.now() mitigations will be included in the regularly scheduled Firefox 52.6 ESR release on January 23, 2018.
Read this answer in context 👍 1All Replies (3)
Hello, this will not be patched as Firefox 48 ESR is no longer supported. If this answered your question, mark as solution.
Réiteach Roghnaithe
There was no 48 ESR; there was 45 ESR then 52 ESR.
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
Firefox 52 ESR does not support SharedArrayBuffer and is less at risk; the performance.now() mitigations will be included in the regularly scheduled Firefox 52.6 ESR release on January 23, 2018.
Thank you. Evidently I was confusing ESR versions with Firefox versions. The version I am using is Firefox ESR version 45.8.
Seems there will be no more security updates so I will finally have to migrate away from Firefox. Version 45.9 ESR is the last supported under OSX 10.7.5.