56 already has a number of vulnerabilities that have been fixed in 57+.

If you leave a window unlocked, on average, you usually don't have a break-in, but your risk varies depending on your neighborhood.

Similarly, if you are using software with a known vulnerability, but you avoid sites with suspicious content and block everything unnecessary, you may not encounter a site exploiting that vulnerability.

But I suspect everyone's luck runs out at some point, and you never know when that will be.

Security -- physical or digital -- is not black and white, all or nothing. It's gradations of risk that require a little personal reflection.

How would we feel if our browser was taken over to steal all our computer data or lock it away from us? If we have good backups and/or we can afford to lose some stuff, and we don't have a lot of sensitive data to grab, we can take more risk than people who would be out of business or personally devastated by an attack.

Is some risk worth taking? You have to weigh the value of the extensions you can run on Firefox 56 that you can't run on Firefox 57. They may be very important to your use and enjoyment of the web.

So no one can tell you what to do, it's your call.

Also, you can turn off one of the features (SharedArrayBuffer) that can be used for a timing attack:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste shared and pause while the list is filtered

(3) If the javascript.options.shared_memory preference is true, double-click it to flip the value to false

There's no fix for the performance.now() issue for Firefox 56.