This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Will Firefox ESR v48.x for OSX 10.8 and below be patched for Apple's chip vulnerability?

  • 3 replies
  • 3 have this problem
  • 3 views
  • Last reply by soupjunior

more options

I recently upgraded my older MacBook to 10.7.5 and was happy to hear that Firefox ESR v48.x would work as a modern browser. Two days later the Spectre/Meltdown vulnerability was released. I understand that support has ended for ESR v48.x but would like to know if Mozilla has any plans to release a security patch to protect our older Mac's?

I recently upgraded my older MacBook to 10.7.5 and was happy to hear that Firefox ESR v48.x would work as a modern browser. Two days later the Spectre/Meltdown vulnerability was released. I understand that support has ended for ESR v48.x but would like to know if Mozilla has any plans to release a security patch to protect our older Mac's?

Chosen solution

There was no 48 ESR; there was 45 ESR then 52 ESR.

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

Firefox 52 ESR does not support SharedArrayBuffer and is less at risk; the performance.now() mitigations will be included in the regularly scheduled Firefox 52.6 ESR release on January 23, 2018.

Read this answer in context 👍 1

All Replies (3)

more options

Hello, this will not be patched as Firefox 48 ESR is no longer supported. If this answered your question, mark as solution.

more options

Chosen Solution

There was no 48 ESR; there was 45 ESR then 52 ESR.

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

Firefox 52 ESR does not support SharedArrayBuffer and is less at risk; the performance.now() mitigations will be included in the regularly scheduled Firefox 52.6 ESR release on January 23, 2018.

more options

Thank you. Evidently I was confusing ESR versions with Firefox versions. The version I am using is Firefox ESR version 45.8.

Seems there will be no more security updates so I will finally have to migrate away from Firefox. Version 45.9 ESR is the last supported under OSX 10.7.5.