Navigation section

Mozilla Extends Firefox ESR 115 Support to March 2026 for Legacy Windows and macOS

  • Thread Author
Mozilla’s decision to keep Firefox 115 ESR alive for older machines is the latest twist in a multi-stage, pragmatic approach to supporting users who remain on end-of-life operating systems — the Extended Support Release for Firefox 115 will now be maintained for Windows 7, Windows 8/8.1 and macOS 10.12–10.14 through March 2026, with Mozilla promising a re-evaluation in early 2026. (ghacks.net, wiki.mozilla.org)

Security Backport visual: a shield over analysts monitoring dashboards.Background​

When Mozilla shipped Firefox 115 in July 2023 it also designated that build as the last full-feature release that would run on older desktop platforms such as Windows 7, Windows 8, Windows 8.1 and older macOS releases (Sierra, High Sierra, Mojave). To keep those users safe while minimizing long‑term maintenance costs, Mozilla moved those installs onto the Firefox Extended Support Release (ESR) channel — a version stream intended for stability and targeted security backports rather than new feature work. (blog.mozilla.org, support.mozilla.org)
ESR 115 became the “legacy branch” for those systems: mainstream users were migrated to the newer ESR codebase (128 and later) while critical security fixes and small, high-risk backports were continued on 115 for the affected platforms. Over the last two years Mozilla has treated 115’s end-of-life as a moving target, extending support multiple times as telemetry showed a non-trivial population of Firefox users running older operating systems. The most recent calendar update extends that support window to March 2026, at which point Mozilla will re-assess the feasibility of further backporting work. (support.mozilla.org, wiki.mozilla.org)

What changed (the facts)​

  • Firefox 115 shipped in July 2023 and was designated the last version that would run as a fully supported release on Windows 7/8/8.1 and macOS 10.12–10.14. (blog.mozilla.org, support.mozilla.org)
  • Mozilla moved those installations to the ESR channel so that security updates could be focused and fewer feature changes would complicate backports. (support.mozilla.org)
  • ESR 128 became the mainstream ESR used by current operating systems starting in September 2024, but 115 continued to receive point releases for legacy platforms. (support.mozilla.org)
  • The ESR 115 branch has had its support window extended multiple times; the release calendar now lists continued ESR‑115 maintenance for legacy OS builds up to March 2026, with a formal re-evaluation scheduled in early 2026. (ghacks.net, wiki.mozilla.org)
These are operational decisions that affect who receives security updates and for how long, not a change to Microsoft or Apple’s platform support policies. Mozilla’s ESR promises are scoped to Firefox’s own binaries and update delivery; they do not change the fact that Windows 7 and older macOS versions are out of OS‑level security support from their vendors.

Why Mozilla keeps extending ESR 115: numbers, realities, and trade-offs​

Mozilla’s repeated extensions are not arbitrary: they are an engineering and product balancing act driven by user telemetry and the cost of maintaining divergent code paths.
  • User base size: Internal telemetry-driven reports (the Firefox Public Data Report) indicate a measurable share of Firefox users continue to run older Windows and macOS releases. That population is large enough that, from Mozilla’s risk‑management perspective, providing continued security backports is a net benefit to user safety. The published article reporting the calendar update cites those telemetry figures as part of the rationale. (ghacks.net, github.com)
  • Operational cost vs. user safety: Backporting security fixes into an older codebase requires test infrastructure, build images, QA cycles, and security triage. Over time that work becomes more expensive as the 115 branch diverges from current Firefox internals. Mozilla has to weigh that cost against the harm of leaving millions of users exposed on unpatched browsers. The repeated six‑month extensions indicate that, for now, Mozilla judges the public‑safety benefit to outweigh the added maintenance. (wiki.mozilla.org, support.mozilla.org)
  • Ecosystem interoperability: Some add‑on and certificate behaviours diverge across major Firefox versions; Mozilla’s add‑ons team issued guidance around root certificate expiration events and extension signing implications for older Firefox builds earlier in 2025, which underscores how maintaining legacy branches interacts with the broader platform and developer ecosystem. (blog.mozilla.org)
Note on population statistics: Public telemetry numbers are updated frequently and can vary by week and region; the precise percentages cited in third‑party reports are snapshots and should be treated as such. The big picture remains: a non-negligible minority of Firefox users are on unsupported OS releases, and that fact is driving Mozilla’s maintenance choices. (ghacks.net, github.com)

What this means for users on older systems​

Continued security updates — with important limits​

For users who must remain on Windows 7, Windows 8/8.1 or macOS 10.12–10.14, Mozilla’s ESR 115 updates provide targeted security fixes for high‑risk issues in the browser itself. That’s better than no updates at all, but it is not a guarantee of complete safety.
  • ESR 115 receives security‑only point releases and emergency patches where necessary; functional enhancements and behavior changes are generally not backported. (support.mozilla.org)
  • Mozilla’s support extends only to the Firefox application on those legacy platforms — OS‑level vulnerabilities, driver exploits, out‑of‑date libraries, and platform services remain unsupported by Microsoft and Apple and therefore continue to expose users to risk.

Compatibility and ecosystem friction​

Older Firefox builds can eventually diverge in behavior from the web as it evolves:
  • Web standards, TLS stacks, and cryptographic libraries move forward; sites adopting new protocols or stricter certificate chains may break or degrade on legacy browsers even if the browser binary is patched.
  • Extension compatibility can be impacted by signing certificate rotations and platform changes; add-on authors were warned that expiring root certificates could temporarily disable legacy extensions unless appropriate fixes or updates were made. (blog.mozilla.org)

Practical user guidance (for Windows 7 / macOS 10.12–10.14 owners)​

  • If you can upgrade to a supported OS, do so. Moving to Windows 10/11 or a modern macOS is the only way to receive full, ongoing platform and browser updates. Mozilla continues to recommend moving to current ESR (128 or above) for fully supported configurations. (support.mozilla.org)
  • If hardware prevents a direct OS upgrade, consider migrating the device to a modern, lightweight Linux distribution as a possible path to continued security updates; many older machines run contemporary Linux comfortably and gain immediate support for a modern browser stack.
  • For those who must stay on legacy OSes, ensure Firefox’s auto‑update remains enabled (for the ESR updates that Mozilla provides), keep extensions trimmed to trusted ones, and complement browser updates with a broader defensive posture: network firewalling, least‑privilege accounts, and careful handling of untrusted documents and attachments. (support.mozilla.org, blog.mozilla.org)

The engineering and policy trade-offs Mozilla faces​

Mozilla’s extension of ESR 115 is a case study in long‑tail software maintenance and responsible custodianship of user security.

Strengths of Mozilla’s approach​

  • User safety first: By continuing high‑risk security backports to 115 for legacy OS users, Mozilla reduces the immediate attack surface for a potentially vulnerable segment of its user population.
  • Transparent roll‑forward: The ESR model and the release calendar give enterprises and users a predictable migration path and clear expectations about when and how automated upgrades occur. (support.mozilla.org, wiki.mozilla.org)
  • Measured, data‑driven decisions: Mozilla is using telemetry to assess the real‑world impact and to decide whether the maintenance burden is justified — an approach that aligns resources with measurable need. (github.com)

Costs and risks​

  • Technical debt and divergence: Maintaining backports on an older codebase increases complexity and the chance of regressions. The more 115 deviates from the mainline code, the harder and slower every subsequent security fix becomes.
  • False security comfort: A supported browser on an end‑of‑life OS might create a false sense of invulnerability. Users must understand the difference between application‑level security updates and platform security updates that only Microsoft or Apple can provide.
  • Ecosystem friction: Add‑on signing, certificate renewals, and modern web features can create breakage scenarios for legacy builds that are out of sync with the rest of the ecosystem. Mozilla has already had to advise developers about root certificate expirations that affect older versions. (blog.mozilla.org)

What admins and power users should do now​

For IT administrators, systems integrators, and power users the Mozilla calendar and ESR policy changes are operational signals. Here’s a practical checklist to act on immediately.
  • Inventory: Identify all devices that are running Windows 7, Windows 8/8.1, or older macOS releases and track which Firefox build they are using.
  • Risk categorization: Classify those devices by role and exposure (public internet access, handling sensitive data, critical infrastructure vs. isolated legacy appliances).
  • Upgrade path planning:
  • Prioritize upgrades for high‑exposure and high‑value endpoints.
  • Where upgrades aren’t possible, consider isolating the workstation on segmented networks or providing gateway proxies that mediate web traffic.
  • ESR policy enforcement: For enterprise fleets, use Firefox’s enterprise policies to control automatic updates and to pin or unpin ESR versions as needed. The enterprise release notes explain the lifecycle mechanics and the backport policy differences between ESR streams. (support.mozilla.org)
  • Monitor Mozilla announcements: The March 2026 re‑evaluation is a clear milestone; watch Mozilla’s release calendar and support documentation for the final decision and any emergency patch plans. (wiki.mozilla.org)

Why the story matters beyond Firefox users​

The continuing presence of legacy OS installs is not unique to Mozilla or Firefox; it’s an enduring reality across the software ecosystem. The way Mozilla chooses to support or drop older platforms provides a useful test case for other software vendors: should public interest in security ever override the cost of long‑tail maintenance?
The decision to extend ESR 115 is notable because most major browser vendors moved away from legacy OS support years ago. By maintaining a legacy ESR branch, Mozilla has positioned itself as an important safety valve for users stranded on unsupported platforms — but that role is finite and costly.
Industry observers should view this as an early warning signal: as Windows 10 and Windows 11 churn and macOS advances, the friction of supporting long‑outdated runtimes only grows. Eventually, hardware and OS vendors must be the primary guarantors of security; application vendors can only provide stopgap protections.

Verifiable facts and caveats​

  • Verified: Mozilla’s support pages and the release calendar document the ESR 115 arrangement and state that 115 became the compatibility branch for older platforms. (support.mozilla.org, wiki.mozilla.org)
  • Verified: ESR 128 is the ESR branch intended for currently supported operating systems; enterprise documentation indicates that enterprise changes will not be backported to 115 in most cases. (support.mozilla.org)
  • Caveat: Any specific share numbers for how many Firefox users still run Windows 7 or other legacy OS versions are dynamic telemetry figures that change over time; they are best understood as snapshots rather than immutable facts. Reports that quote precise percentages are useful for context but should be revisited for accuracy before being used in operational decision‑making. (ghacks.net, github.com)
If a statement in the public conversation refers to an exact percentage of Firefox users on Windows 7, treat that figure as provisional and seek the live telemetry or a dated export from Mozilla’s Public Data Report if an exact number is required for planning.

Longer-term implications and closing analysis​

Mozilla’s repeated six‑month extensions for ESR 115 reveal a pragmatic, cautious posture: extend protection while there’s clear user need, but set a finite review point so that engineering costs do not compound indefinitely. That posture protects users in the near term while signaling a path toward an eventual end-of-life that will require migration.
For end users, the takeaway is simple and serious: while the browser may continue to receive security patches for now, running an unsupported operating system remains risky. Browser updates reduce some attack vectors, but they cannot fix OS kernel vulnerabilities, driver bugs, or platform services that the operating system vendor no longer patches.
For enterprises and administrators, the calendar extension buys time — not permanence. Use the extension window to finalize migration plans, to harden legacy endpoints where migration is impossible, and to communicate to stakeholders that browser support alone is not an adequate security program for long-term operations.
Mozilla’s ESR policy and release calendar provide structure and predictability — and the March 2026 check‑in is a clear deadline. Expect continued incremental extensions only if telemetry and resource calculus justify the effort; otherwise plan for a final cutover that will require all affected users to run modern OS versions or adopt alternative, supported platforms.
The practical balance Mozilla seeks — between protecting at‑risk users and closing technical debt — is understandable and defensible. The political question beneath this technical decision is a broader one: how should the software ecosystem allocate responsibility for the security of long‑tail users when platform vendors have stopped doing so? Mozilla’s ESR extensions are an imperfect but meaningful interim answer: temporary shelter for stranded users, with an explicit expiration date and an operationally transparent decision process. (wiki.mozilla.org, support.mozilla.org)
Conclusion: Mozilla’s extension of Firefox ESR 115 support through March 2026 buys time and reduces immediate risk for a measurable population still on legacy desktops, but it is not a substitute for upgrading operating systems or modernizing fleets. Treat the extension as a finite safety net, not a new long‑term guarantee, and plan accordingly. (ghacks.net, support.mozilla.org)
Source: gHacks Technology News Mozilla extends Firefox ESR 115 support for Windows 7, 8 and 8.1, macOS 10.12 to 10.14 until March 2026 - gHacks Tech News
 

Click to expand...
Mozilla has once again pushed the safety net for users on older operating systems, confirming that Firefox ESR 115 will continue to receive security patches on Windows 7, Windows 8/8.1 and macOS 10.12–10.14 through at least March 2026 — a six‑month extension to the Extended Support Release that keeps the browser patched on platforms that vendors no longer protect. (techspot.com)

ESR 115: final March 2026 security update for Windows 7/8.1 and macOS 10.12-10.14.Background: why ESR 115 exists and who it helps​

When Mozilla shipped Firefox 115 in July 2023 it simultaneously designated that build as the last full-feature release compatible with older desktop platforms such as Windows 7, Windows 8/8.1 and macOS Sierra/High Sierra/Mojave. Instead of abandoning those users outright, Mozilla moved installations on those systems onto the Firefox Extended Support Release (ESR) channel — a branch intended for stability and focused security backports rather than continuous feature delivery. (support.mozilla.org)
ESR builds historically exist to give organizations and users longer, predictable maintenance windows. In this case, ESR 115 became a pragmatic “legacy branch” that allowed Mozilla to provide critical security updates to people who, for hardware, compatibility, or operational reasons, have not upgraded their OS. That same strategy is what has kept Firefox the last mainstream browser deliberately supporting Windows 7-era clients. (ghacks.net)

What changed: timeline and the latest extension​

Key timeline points​

  • Firefox 115 shipped in July 2023 and was identified as the final feature release for older OSes. (wiki.mozilla.org)
  • Mozilla initially set ESR 115’s end-of-life for late 2024, but usage figures and operational considerations prompted successive extensions. Early communications from Mozilla’s release team documented a six‑month extension in September 2024 and another in February 2025. (groups.google.com)
  • On September 4, 2025 Mozilla updated the ESR planning so that ESR 115 support for Windows 7 – 8.1 and macOS 10.12 – 10.14 continues through March 2026, with a re‑evaluation scheduled for early 2026. This is the most recent extension and applies only to security and major bug fixes on ESR 115 builds running on those legacy platforms. (ghacks.net, techspot.com)

What this extension actually covers​

  • Security patches and critical bug fixes only. New features, UI changes, and modern platform integrations will be delivered exclusively to Firefox running on actively supported OS versions (Windows 10/11, macOS 13–15, etc.). (support.mozilla.org)
  • Application-level fixes only; not OS patches. Mozilla’s commitment is limited to the Firefox binary and its components — it does not replace or substitute for Microsoft or Apple security updates for the operating system. Users remain exposed to any unpatched OS vulnerabilities.

Why Mozilla keeps extending ESR 115: numbers, trade‑offs and engineering pain​

Maintaining a legacy branch is a classic cost-versus-benefit decision: the benefit is protecting a measurable number of users; the cost is growing engineering complexity and maintenance overhead as the legacy branch diverges from mainline Firefox.
  • Telemetry and user counts matter. Mozilla’s decision to continue ESR 115 maintenance has been explicitly tied to telemetry showing a non‑negligible population of Firefox users still on older OS releases. Third‑party reporting and community posts have pointed to those figures as the rationale for repeated six‑month extensions. Telemetry snapshots change frequently, so the balance can shift; Mozilla has committed to reassessment at set intervals. (ghacks.net, groups.google.com)
  • Backport complexity rises over time. Every new Firefox feature, platform API change, or cryptographic update in the mainline branch potentially increases the difficulty of backporting a security fix cleanly into ESR 115. Test infrastructure, QA cycles, and specialized build environments are required to keep older binaries secure — all of which cost time and money. Mozilla has repeatedly said it will limit backports to high‑risk security and quality fixes because deeper backports are unsustainable. (groups.google.com)
  • Ecosystem friction. Certificates, extension signing, and evolving web standards can cause older browser builds to break in subtle ways even if the browser binary receives security patches. For example, root certificate rotations or new TLS requirements may reduce compatibility for legacy clients despite security backports to Firefox itself.

The practical reality for users on legacy systems​

What ESR 115 continuing updates mean — and do not mean​

  • If you must remain on Windows 7, 8/8.1, or macOS 10.12–10.14, ESR 115’s extended maintenance is better than nothing: critical vulnerabilities in the Firefox codebase should be patched through March 2026. (ghacks.net)
  • However, ESR 115 patches do not make an unsupported OS secure. Platform-level attack vectors (kernel exploits, unsigned driver vulnerabilities, obsolete system libraries) are outside Mozilla’s control. Treat ESR backing as partial mitigation rather than a permanent solution.
  • New web features and modern web APIs will not be backported. Sites that adopt the latest web standards, new cryptographic protocols, or modern media pipelines may degrade or stop working correctly on older browsers over time, even if security patches continue.

Immediate actions for users and admins​

  • Confirm which Firefox channel you are running. If you’re on a legacy OS and want security updates, ensure you’re on Firefox ESR 115 and that auto‑updates are enabled. (support.mozilla.org)
  • Prioritize OS upgrades where feasible. Upgrading to a vendor‑supported platform (Windows 10/11 or modern macOS) is the only way to receive full browser features and the broadest security coverage. Microsoft’s official lifecycle pages note Windows 10 support ends on October 14, 2025; after that, relying solely on app‑level patches is riskier. (support.microsoft.com)
  • If hardware blocks an OS upgrade, evaluate migrating the machine to a supported Linux distribution that can run a modern browser stack. For many older PCs, lightweight, security‑focused Linux distros are a practical path to continued security updates and modern browsers. (ghacks.net)
  • For organizations, consider scoped mitigations: network filtering, endpoint isolation, strict application whitelisting, and reducing attack surface for legacy endpoints while planning migration. These operational controls complement Mozilla’s browser patches.

Industry context: who else dropped support and why this matters​

By early 2023 most Chromium‑based browsers had dropped support for Windows 7/8.1 after Chromium moved its minimum supported platform forward. Google Chrome, Microsoft Edge (Chromium), Opera and other mainstream Chromium forks abandoned those older Windows releases; Mozilla’s continued ESR support left Firefox as the last major cross‑platform browser still offering targeted security updates for that generation of OSes. That makes Mozilla’s decision unusual but important for users who have limited upgrade options. (en.wikipedia.org, wiki.mozilla.org)
The broader implication is simple: as the platform ecosystem moves on, fewer vendors will test or ship binaries for old OS releases. That increases the maintenance burden for anyone choosing not to upgrade, and it concentrates responsibility for security onto fewer parties — a fragile position for long‑tail users.

Technical and security trade‑offs: a closer look​

Strengths of Mozilla’s interim approach​

  • Reduces immediate exposure for many users. A patched browser closes common web‑delivered attack paths that rely on browser vulnerabilities. This materially reduces the risk of drive‑by downloads and certain classes of remote compromise even on unsupported OSes.
  • Predictable maintenance window. By committing to a timeline and periodic reassessments (every six months), Mozilla provides organizations and users with clarity to plan migrations or apply mitigations. (groups.google.com)

Risks and limitations​

  • False sense of security. Users may interpret browser updates as a signal that their machine is fully secure. This is not the case: OS‑level vulnerabilities, outdated cryptographic libraries, and missing driver patches remain critical exposures. Mozlla’s security patches for Firefox do not change the fact that the OS is unsupported by its vendor.
  • Rising maintenance cost and regression risk. The more ESR 115 diverges from mainline code, the harder future security fixes become to backport correctly. That raises the risk of regressions or missed fixes in the legacy branch. Mozilla has explicitly limited approvals to critical fixes for this reason. (groups.google.com)
  • Ecosystem decay. Over time, web services, extension authors, and certificate chains may stop being compatible with older clients. Even a patched browser can fail to negotiate modern TLS or support new web platform features, degrading the user experience and potentially disabling key services.

How Mozilla made the decision: evidence and communications​

Mozilla’s public support pages and internal release communications show a pattern of data‑driven, periodic reassessments. The release manager’s group posts in 2024 and 2025 documented initial extensions and the limited scope of ongoing maintenance (security/quality only). These messages were reflected in the ESR release calendar entries and subsequently surfaced in reporting across the tech press. Observers in community forums picked up calendar notes indicating the most recent extension to March 2026. (groups.google.com, fx-trains.herokuapp.com)
A note of caution: telemetry numbers cited by outlets are snapshots. The share of Firefox users on older OS versions changes with time, and Mozilla’s internal threshold for continuing support is not public in granular detail. Any precise percent figures reported in the press should be treated as time‑bound data points rather than immutable facts. (ghacks.net, en.wikipedia.org)

Practical upgrade and mitigation playbook (step‑by‑step)​

  • Identify: check which OS and Firefox channel your machines run. On Windows, use Settings → About; on macOS, About This Mac. In Firefox, go to Help → About Firefox to see the channel and version. (support.mozilla.org)
  • Prioritize: classify devices by upgrade feasibility — hardware capable of Windows 11, hardware that can be upgraded to a modern macOS, and hardware that cannot be upgraded.
  • Upgrade where possible: schedule Windows 10→11 upgrades (or macOS upgrades where hardware permits). Keep in mind Microsoft’s Windows 10 end-of-support date of October 14, 2025 when scheduling migrations. (support.microsoft.com)
  • For non‑upgradable devices: consider moving to a modern Linux distribution and install a maintained browser; this can be faster and safer than remaining on an unsupported OS. (ghacks.net)
  • Harden in place: enable host firewalling, remove unnecessary services, run up‑to‑date endpoint protection, apply application whitelisting, and restrict administrative privileges. These steps reduce exposure if full OS upgrades aren’t immediate.
  • Monitor: subscribe to vendor advisories and Mozilla’s ESR release notes. Plan for re‑evaluation milestones (Mozilla has signaled reassessments at six‑month intervals). (groups.google.com)

What to expect next: signals and likely outcomes​

  • Short term (through March 2026): ESR 115 will keep receiving high‑risk security and select bug fixes for the legacy OS builds. Expect occasional emergency security point releases if active exploits are discovered. (ghacks.net)
  • Early 2026 re‑evaluation: Mozilla has committed to revisiting the decision in early 2026 and will announce whether support will be extended again. The outcome will depend on the size of the legacy user base and the continuing engineering cost of backports. (ghacks.net, groups.google.com)
  • Longer term: it is plausible Mozilla will phase out ESR 115 support eventually; sustaining indefinite support for a legacy branch is expensive and technically limiting. Organizations and individual users should therefore plan migrations rather than count on perpetual extensions.

Final analysis: strengths, risks and the responsible path forward​

Mozilla’s repeated extensions of Firefox ESR 115 for Windows 7 and older macOS releases are a pragmatic, user‑centric decision that buys time for a sizable — if diminishing — population of users who can’t immediately upgrade. That is the measure of Mozilla’s stewardship: prioritizing safety for real users while signalling constraints and limits to continued maintenance. (ghacks.net, groups.google.com)
At the same time, the arrangement is inherently temporary and partial. Security is layered, and a patched browser on an unsupported OS is only one layer. The fundamental problem — the underlying OS and some system libraries no longer receiving vendor patches — remains unresolved. That is the primary risk: reliance on ESR 115 must never substitute for a migration plan to a maintained platform.
In short:
  • Strength: ESR 115 extension reduces immediate browser‑level attack surface and gives breathing room to users and organizations. (ghacks.net)
  • Risk: ESR maintenance does not eliminate OS‑level exposure and will grow costlier to maintain over time, increasing the chance of eventual forced cut‑off.
The responsible path forward is clear: use Mozilla’s extended support as a bridge, not a destination. Plan upgrades, apply operational mitigations, and treat every extension announcement as a reminder that long‑term security requires current, vendor‑supported platforms. (support.microsoft.com, ghacks.net)
Firefox’s continued ESR support gives older machines a little more runway — and that runway matters for users and organizations who face practical constraints. But the extension is finite, scoped, and narrow in purpose: a targeted protective measure, not a replacement for platform support. The time to plan and act is now. (techspot.com, support.microsoft.com)
Source: TechSpot Mozilla extends Firefox support for Windows 7 and older macOS until 2026
 

Mozilla has once again pushed the end-of-life deadline for Firefox 115 ESR on legacy desktop platforms: the Extended Support Release that remains the only mainstream Firefox build compatible with Windows 7, Windows 8 and Windows 8.1 will now receive security updates through March 2026, with Mozilla planning a formal re‑evaluation of the decision in February 2026. (whattrainisitnow.com, support.mozilla.org)

Firefox ESR 115 infographic showing extended security updates for Windows 7/8.x via backporting.Background​

Mozilla shipped Firefox 115 (the Old ESR branch) in July 2023 as the final release compatible with pre‑Windows 10 desktops and several older macOS releases. After Microsoft ended mainstream support for Windows 7 and 8.x, Mozilla initially planned to move users on those platforms to the ESR channel and retire further updates; since then, the ESR 115 lifecycle has been extended multiple times to give remaining users continued security fixes while the organization balances engineering cost and user safety. (support.mozilla.org, groups.google.com)
The change is reflected on the community-maintained release calendar and Mozilla’s support documentation: ESR 115 remains the landing branch for users running unsupported Windows or older macOS releases, and Mozilla’s release team has explicitly limited maintenance to critical security and high-impact quality fixes rather than feature backports. (whattrainisitnow.com, support.mozilla.org)

What Mozilla announced and what it actually means​

Short version​

  • What changed: ESR 115 support for Windows 7, 8 and 8.1 (and macOS 10.12–10.14) has been extended to March 2026. Mozilla will reassess that timeline in February 2026. (whattrainisitnow.com)
  • What stays the same: Firefox 116+ requires Windows 10 or later; ESR 115 remains the last officially supported branch for the legacy OS lineup. Mozilla is restricting the ESR 115 approval scope to security and critical quality fixes only. (support.mozilla.org, groups.google.com)

Why the staggered approach​

Mozilla has been running two parallel ESR tracks for some time: one (115.x) that continues to support older systems, and a newer ESR (128 and then 140+) that targets modern Windows and macOS releases. That split exists because moving the entire Firefox codebase forward and integrating newer third‑party libraries and platform APIs would break compatibility with older kernels, system libraries, and drivers. Maintaining a frozen ESR for legacy platforms allows Mozilla to backport security fixes without forcing feature-level changes that would fail on unsupported OSes. (support.mozilla.org, whattrainisitnow.com)

The engineering trade-offs: why supporting old Windows is costly​

Mozilla engineers have been candid about the technical debt and divergence incurred by supporting long-retired operating systems. As an ESR ages, upstream libraries, compiler toolchains, and third‑party dependencies move on: APIs change, upstream projects drop legacy platform support, and automated build and test infrastructure must keep older images alive. That requires manual backports and additional testing cycles — work that grows less efficient over time. A Mozilla release manager has described backporting as “increasingly painful due to the divergence which naturally happens over time.” (windowscentral.com)
This pain is not academic. Practical consequences include:
  • Longer triage and QA cycles for every security patch applied to ESR 115.
  • Risk that a critical upstream fix cannot be backported cleanly, forcing Mozilla to rework or leave a vulnerability unpatched.
  • Continued maintenance of legacy CI images, tooling and test machines — an infrastructure cost that scales with duration.
  • The need to selectively limit fixes to high‑severity issues to keep resource costs bounded. (groups.google.com)
Those costs explain why most browser vendors cut legacy support earlier: it simplifies code paths, enables use of modern libraries, and reduces the regression surface for new features.

The user-side reality: who benefits and who’s at risk​

For a subset of end users — hobbyists, corporate fleets with legacy hardware, and regions where upgrading is expensive or impractical — this extension is an important safety valve. Firefox ESR 115 provides a maintained, familiar browsing environment for older machines that cannot meet Windows 10/11 requirements or where device replacement is not an option. Several outlets and community reports have noted that a non‑negligible slice of Firefox users still run Windows 7, which is a key reason Mozilla keeps offering ESR 115 updates. (ghacks.net, reddit.com)
That benefit comes with stark caveats:
  • No feature updates: ESR 115 will not receive modern feature work or broader compatibility improvements; it is being held to receive only security and critical quality fixes.
  • Residual platform risk: Windows 7/8 were declared unsupported by Microsoft years ago, meaning OS-level security patches are no longer issued to mainstream users. A browser can only mitigate some attack vectors — not vulnerabilities in obsolete OS components. (support.mozilla.org)
  • Eventual EOL inevitability: Each extension buys time, not permanence; Mozilla’s explicit re‑evaluation dates mean the product could still be retired in February/March 2026 or later. (whattrainisitnow.com)

How this compares to the rest of the browser market​

Google Chrome and Microsoft Edge removed Windows 7/8/8.1 support earlier; as a result, Mozilla has for a period been the only major browser issuing official security fixes for those legacy Windows builds. That positioning has been covered repeatedly by technology press and community sites; it’s both a support differentiator for users who refuse or cannot upgrade, and a maintenance burden for Mozilla. (neowin.net, pcworld.com)
That divergence also produces an ecosystem effect:
  • Sites and extensions increasingly assume modern browser engines and APIs, which are absent or degraded on older builds.
  • Web compatibility regressions are more likely on ESR 115 over time, raising user friction for some websites and web apps.

Security analysis: staying safe on an unsupported OS​

Running an unsupported operating system presents elevated risk regardless of browser lifecycle. Browsers can mitigate certain web‑facing threats, but cannot patch kernel exploits, driver issues, or OS services. The practical security posture for users on legacy Windows should include:
  • Keep Firefox 115 ESR fully patched with the latest ESR updates as they ship. Mozilla will continue to push critical fixes to ESR 115 until the stated extension date. (whattrainisitnow.com)
  • Harden the install: disable unnecessary add‑ons, reduce attack surface via content blocking, and turn off telemetry or built‑in features that may introduce risk if desired. (Hardening recipes for legacy Firefox installs are available in community guidance, but they demand technical care.)
  • Isolate web use where possible: run web browsing in a dedicated user account, keep sensitive operations off legacy machines, and prefer two‑factor authentication and password managers that synchronize outside the device.
  • Consider virtualization: if hardware can run a modern Linux distribution or a supported Windows in a VM, isolate browsing into that environment to gain recent OS-level protections.
Mozilla cautions users that ESR 115 is a stopgap, not a panacea; the organization explicitly recommends migration to supported platforms for full protection. (support.mozilla.org)

Practical guidance for consumers and IT admins​

For readers who manage or rely on older desktops, here’s a prioritized checklist to reduce risk and plan migration.
  • Audit your estate now. Identify devices still running Windows 7/8/8.1 and classify them by business-criticality and hardware capability.
  • Apply ESR updates immediately. Ensure ESR 115 installations receive regular updates until the branch is retired. If automatic updates are disabled, re-enable them or centralize updates via deployment tooling. (support.mozilla.org)
  • Harden browser configuration. Use built-in content blocking, disable legacy plugins, and restrict extensions to a vetted list.
  • Plan for migration. Prioritize devices that handle sensitive data for OS upgrades, hardware replacement or migration to a supported Linux distribution.
  • Consider containment. For machines that must remain on legacy Windows, use sandboxing, network segmentation, and policy-based access controls to limit exposure.
  • Prepare for EOL. Establish a contingency: if ESR 115 support ends for your platform with short notice, you should have a tested alternate browser or environment (VMs, Linux live systems, alternative devices) ready to adopt. (support.mozilla.org)

Enterprise and education implications​

Enterprises often prefer ESR channels for stability and centralized update control. Mozilla’s twin‑track ESR strategy complicates lifecycle planning for organizations that still have legacy hardware. IT teams must weigh three competing priorities:
  • Security: Staying on a maintained ESR is safer than running an unpatched mainline browser on an unsupported OS.
  • Compatibility: New ESRs bring features and modern web platform compatibility; organizations maintaining legacy device fleets may face compatibility gaps if they choose to remain on an older ESR.
  • Cost: Upgrading large fleets to a newer OS or replacing endpoints is expensive; extending ESR support lowers immediate upgrade pressure but defers long‑term modernization.
For enterprises, the recommended path is to use the ESR timeline to buy planning and procurement time while executing phased upgrades. Mozilla’s ESR documentation explains upgrade sequencing between major ESR versions and the overlap windows that enterprise deployments should use for orderly migration. (support.mozilla.org)

The politics of product management: why Mozilla keeps extending support​

Mozilla’s repeated extensions are not just technical decisions — they reflect product and community priorities. Several forces influence the choice to sustain ESR 115:
  • User base loyalty: A vocal portion of Firefox users remains on older Windows installs. Shelving them abruptly would cause immediate user friction and community pushback.
  • Competitive posture: By maintaining a supported browser on legacy systems, Mozilla preserves a market for users who do not want to migrate to Chromium‑based offerings or who prioritize Firefox’s privacy and extension model.
  • Resource allocation: Mozilla is balancing scarce developer time between modern feature work and legacy backports; the organization has signaled it will limit ESR 115 fixes to critical items only to keep the burden manageable. (groups.google.com, windowscentral.com)
That balancing act is visible in the public communications from Mozilla’s release team and in the staged re‑evaluation dates: they give the organization controlled, time‑boxed options to continue, pause or end maintenance depending on user telemetry and available engineering bandwidth. (groups.google.com, whattrainisitnow.com)

Risks of continued support — and the counterarguments​

Supporting legacy OSes longer than vendors typically would can have unintended consequences.
  • Complacency risk: Users may delay necessary OS upgrades because they feel “covered” by a maintained browser, keeping endpoints exposed to non‑browser threats.
  • Engineering drag: Backports consume developer cycles that could otherwise accelerate security hardening or modernization on current platforms.
  • Compatibility freeze: Legacy ESR builds can’t adopt modern web standards, pushing developers and sites to implement feature detection or degrade experiences for those users.
Counterarguments from the community and Mozilla’s product leadership include:
  • Pragmatism for real users: Some organizations simply cannot upgrade due to hardware constraints or legacy applications; leaving them with a secure browser is materially safer than leaving them entirely unsupported.
  • Gradual migration: Time-limited extensions can smooth transitions by allowing procurement and testing cycles to complete rather than forcing sudden breaks.
Both sides have merit; the right policy depends on risk tolerance, the distribution of legacy devices in a given environment, and resources available for upgrades.

Timeline and what to watch for​

  • ESR 115 support for Windows 7/8/8.1 and macOS 10.12–10.14: extended to March 2026. Mozilla will re‑evaluate in February 2026 and announce updates to ESR 115’s end‑of‑life then. (whattrainisitnow.com)
  • ESR release cadence and migration: Mozilla provides an overlap window between ESR releases; organizations planning bulk updates should consult ESR release notes and schedule windows to coordinate testing and rollout. (support.mozilla.org)
  • Watch for formal Mozilla notices in the weeks around February 2026 and for any last‑minute emergency fixes that Mozilla may backport to ESR 115 if a critical vulnerability is discovered prior to retirement.

Bottom line: a pragmatic extension, not a long-term solution​

Mozilla’s decision to extend Firefox 115 ESR support to March 2026 is a pragmatic compromise: it protects a still-significant set of users for a limited time while signalling that the burden of indefinite backports is unsustainable. The extension buys breathing room for users and IT teams but does not replace the need for modernization. Organizations and individuals still running Windows 7/8/8.1 should use this interval to plan and execute migrations, harden remaining machines, and treat ESR 115 as a guarded stopgap rather than a permanent safe harbor. (whattrainisitnow.com, support.mozilla.org)

Action checklist (quick reference)​

  • Immediate (this week):
  • Confirm which machines run Windows 7/8/8.1.
  • Ensure Firefox 115 ESR installations are configured to receive updates automatically.
  • Short term (1–3 months):
  • Harden browser configs and restrict extension installs.
  • Build test images for Windows 10/11 or a supported Linux alternative.
  • Medium term (3–12 months):
  • Schedule OS upgrades, hardware refreshes or VM migrations for high‑risk machines.
  • Train staff on new OS/browser configurations and update deployment tooling.
  • Contingency:
  • Prepare a minimal fallback plan if ESR 115 support is terminated unexpectedly: VM images, alternate browsers on supported OS templates, and segmented network access for legacy devices.
Mozilla’s repeated ESR 115 extensions reflect a trade‑off between pragmatic user support and the accelerating costs of maintaining divergent legacy code paths. The next re‑evaluation in February 2026 will be the decisive moment; until then, the prudent approach for both consumers and IT teams is to treat the extension as temporary shelter, harden systems in place, and accelerate migration plans so that when ESR 115 is finally retired, exposure has been minimized. (whattrainisitnow.com, groups.google.com)
Source: Neowin Mozilla extends Firefox support on Windows 7 once again
 

Mozilla has quietly pushed the Firefox 115 Extended Support Release (ESR) safety net forward again: security updates for Firefox 115 on legacy desktops — specifically Windows 7, Windows 8, Windows 8.1 and older macOS builds — will continue through March 2026, with Mozilla planning a formal re‑evaluation in February 2026. (ghacks.net)

A computer workstation with Firefox ESR 115 displayed on the monitor, a laptop, and a March 2026 calendar.Background: why ESR 115 exists and who it helps​

When Mozilla shipped Firefox 115 in July 2023 it also designated that build as the last feature release compatible with pre‑Windows 10 desktops and several older macOS versions. To avoid leaving millions of users with an unpatched browser, Mozilla moved installations on those systems onto the Firefox Extended Support Release (ESR) channel so the organization could continue delivering targeted security backports rather than full feature updates. (support.mozilla.org)
The ESR model is purpose‑built for stability and long maintenance windows: it limits changes to high‑risk security and quality fixes so organizations and users can run a predictable, hardened build for longer. Mozilla’s public ESR policy makes clear that ESR maintenance focuses on critical security fixes and occasionally emergency backports, not ongoing feature development. (support.mozilla.org)
Mozilla’s approach contrasts with most mainstream browser vendors. Google Chrome and Microsoft Edge stopped supporting Windows 7 and 8.x in early 2023; Mozilla’s ESR work has therefore left Firefox as the last major browser actively patching security defects for those older Microsoft operating systems. (bleepingcomputer.com)

What Mozilla announced — the facts, verified​

  • Mozilla updated its ESR planning to show continued point releases for Firefox ESR 115 for legacy platforms through March 2026, and stated it will re‑evaluate the decision in February 2026. This schedule appears in public release‑calendar updates and was highlighted by multiple industry outlets reporting the change. (ghacks.net)
  • The ESR 115 branch will receive security and high‑impact quality fixes only for those legacy platforms; no new features, no modern platform integrations and no broad functional enhancements will be backported to ESR 115 for Windows 7/8/8.1. That limitation is consistent with Mozilla’s ESR policy and repeated communications from the release team. (support.mozilla.org, groups.google.com)
  • Mozilla’s release management has repeatedly explained the choice as pragmatic: telemetry shows a measurable fraction of Firefox users still run older Windows and macOS releases, and continuing ESR 115 maintenance is judged by Mozilla to reduce near‑term risk for that population while buying time for upgrades. (groups.google.com, ghacks.net)
These are the core, load‑bearing facts of the story: extension to March 2026, security‑only scope, and a planned re‑evaluation window in early 2026.

Why Mozilla keeps extending ESR 115: numbers, trade‑offs and engineering pain​

A measurable user base​

Mozilla’s public telemetry and community reporting have repeatedly shown a non‑negligible proportion of Firefox desktop users still on pre‑Windows 10 platforms. Recent snapshots cited by industry coverage put Windows 7 users in the single‑digit percentage range of Firefox’s global desktop population (figures like ~6.7% have been quoted in reporting based on Mozilla’s public dashboards), though such telemetry is a moving target and regional patterns vary widely. Treat these percentages as snapshots rather than immutable facts. (ghacks.net)

Backporting complexity and maintenance cost​

Supporting a legacy branch is not free. Over time the main Firefox codebase adopts modern platform APIs, new third‑party libraries, updated cryptography stacks and fresh tooling. Backporting a security patch into an older ESR fork often requires:
  • Recreating or maintaining legacy build/test images and CI runners.
  • Rewriting fixes to avoid modern APIs and dependencies that don’t exist on old OSes.
  • Additional QA cycles to ensure backports don’t regress compatibility with legacy drivers or system libraries.
Mozilla engineers and release managers have described this divergence as “increasingly painful,” which explains why the ESR scope is intentionally narrow and why extensions have been short, time‑boxed windows. (groups.google.com)

Pragmatism vs. forward progress​

The argument for continued ESR 115 maintenance is pragmatic: for users who truly cannot upgrade (older hardware, locked legacy corporate applications, or constrained procurement cycles), a patched browser is materially safer than an unpatched one. The counterargument warns that such lifelines risk creating complacency and prolonging exposure to unpatched OS‑level risks that a browser patch cannot fix. Balancing those perspectives is the policy exercise Mozilla is running with its staggered extensions and explicit re‑evaluation dates.

What this means for users on Windows 7, 8, and 8.1​

Short version​

  • If you are still on Windows 7/8/8.1 and using Firefox, you will remain on Firefox 115 ESR and will continue to receive security‑only updates through March 2026, with a re‑evaluation to follow. You will not receive new Firefox features or modern platform improvements. (support.mozilla.org, ghacks.net)

Practical implications — immediate and long term​

  • Security benefit: Critical browser vulnerabilities patched on ESR 115 will be delivered to legacy clients, reducing the window of exposure to exploitation that targets Firefox itself.
  • Residual risk: ESR 115 updates do not patch the operating system. Kernel exploits, unpatched drivers, legacy SMB or RDP vulnerabilities, and other OS‑level attack surfaces remain open because Microsoft and other OS vendors no longer issue security updates for those platforms. ESR patches reduce but do not eliminate risk.
  • Compatibility erosion: As the web moves forward, older browsers lose compatibility with new protocols, certificate chains and web platform features; some modern sites may degrade or fail. ESR 115 will not be able to keep pace with new web APIs. (support.mozilla.org)

Recommended immediate steps for legacy users​

  • Verify your Firefox build: confirm you’re running Firefox 115 ESR if you must remain on older Windows. ESR builds receive the targeted security patches Mozilla will continue shipping.
  • Harden the endpoint: run a reputable endpoint protection product, disable unnecessary services, use strong network segmentation and apply application whitelisting where feasible.
  • Plan an upgrade path: treat March 2026 as a hard planning milestone to complete OS migrations or evaluate alternatives such as lightweight Linux distributions for aged hardware. Mozilla itself recommends moving to Windows 10/11 or to supported Linux distros for longer‑term safety. (ghacks.net)

What organizations and IT teams should do now​

  • Inventory: identify all devices still on Windows 7/8/8.1 and tag which ones rely on those OSes for business‑critical apps.
  • Prioritize: assign remediation priority by risk—public‑facing machines and users with elevated privileges first.
  • Plan migration paths:
  • Upgrade hardware and Windows where possible (Windows 10 or 11).
  • Where hardware is too old, evaluate supported Linux distributions like Linux Mint or Ubuntu LTS as pragmatic alternatives.
  • Use ESR as a controlled stopgap: rely on Firefox 115 ESR security updates to buy time, not as a permanent solution.
  • Monitor Mozilla communications and the February 2026 re‑evaluation window for any changes that would shorten or extend the support timeline.

The ecosystem context: who else dropped legacy support and when​

  • Google Chrome: the Chromium project removed Windows 7 and Windows 8.1 support in early 2023 (Chrome 110 timeframe); users on those OSes no longer receive Chrome feature or security updates after that cutoff. (bleepingcomputer.com)
  • Microsoft Edge: Edge version 109 was the last to support Windows 7/8.1; Edge required Windows 10 or later for version 110 and beyond, with the support removal aligned to Microsoft’s OS lifecycle changes in January–February 2023. (learn.microsoft.com, bleepingcomputer.com)
Mozilla’s continued ESR work therefore leaves Firefox as the last mainstream browser actively shipping security backports to those older Windows versions — a position that has made these extensions disproportionately visible to users and pundits. (windowscentral.com, neowin.net)

Technical boundaries: what Mozilla will and won’t fix on ESR 115​

  • Will fix:
  • High‑severity security vulnerabilities in the Firefox application codebase that can be backported safely.
  • Emergency patches for active exploitation scenarios judged critical by Mozilla’s security teams.
  • Will not fix:
  • New features, substantial stability or performance enhancements.
  • OS‑level vulnerabilities (kernel, drivers, system services).
  • Deep dependency upgrades that require modern platform features or APIs not available on legacy systems. (support.mozilla.org, groups.google.com)
This constraint means ESR 115 is a surgical maintenance channel, suitable for short‑term risk reduction but unable to close the broader security gap caused by an unsupported operating system.

Risk assessment: short‑term safety versus long‑term exposure​

  • Benefit: ESR 115 reduces immediate risk for users who cannot upgrade quickly by ensuring browser‑level attack vectors are patched.
  • Cost: continuing to support legacy platforms consumes engineering resources and encourages (in some cases) delayed OS upgrades.
  • Net effect: for organizations with genuine upgrade constraints, ESR 115 extensions are a defensible harm‑reduction step — but they are not a substitute for an OS upgrade program.
Mozilla’s re‑evaluation cadence (six‑month extensions and explicit deadlines) reflects a policy designed to time‑box the trade‑off rather than let legacy support become indefinite. (groups.google.com)

SEO note: what Windows 7, 8 and 8.1 users should search for next​

  • “Firefox ESR 115 security updates”
  • “Firefox support Windows 7 March 2026”
  • “How to upgrade Windows 7 to Windows 10/11”
  • “Best Linux distributions for old PCs”
  • “Mitigations for unsupported Windows versions”
These search phrases will surface maintenance pages, migration guides and security advisories that are most relevant to users and administrators managing legacy endpoints.

Unverifiable or time‑sensitive claims — flagged​

  • Exact telemetry numbers (for example, the precise percentage of Firefox users on Windows 7) are snapshots that change weekly. Third‑party reports have quoted figures around 6–8% for Windows 7 users in recent months, drawn from Mozilla’s public dashboards; however, the underlying telemetry is updated frequently and can vary by region and timeframe. Where exact percentages are critical, consult Mozilla’s published dashboards directly for the latest snapshot. (ghacks.net)
  • Mozilla’s position is explicitly conditional: the March 2026 extension is subject to re‑evaluation in February 2026 and could be changed. Treat March 2026 as an operational milestone, not an irrevocable guarantee. (ghacks.net)

Bottom line and timeline to act​

Mozilla’s latest extension is a pragmatic, limited‑scope decision: it buys time for users who cannot immediately upgrade while concentrating Mozilla’s engineering effort on critical vulnerability mitigation rather than ongoing feature backports. That approach keeps Firefox patched on legacy Windows desktops longer than any other mainstream browser, but it does not replace necessary OS upgrades or risk management for enterprise fleets. (ghacks.net, groups.google.com)
Key dates to bookmark internally:
  • Now–March 2026: ESR 115 receives security‑only updates on Windows 7/8/8.1 and macOS 10.12–10.14.
  • February 2026: Mozilla will re‑evaluate and announce ESR 115’s end‑of‑life plans. (ghacks.net)
For IT teams and individual users, use this window to finalize migration plans, harden remaining legacy machines, and ensure critical endpoints are either upgraded to a supported OS or isolated behind compensating controls before March 2026.
Mozilla’s decision to extend ESR 115 is a concrete example of risk‑triage in practice: a targeted safety net for a non‑trivial user base, bounded in scope and time, and explicitly designed to encourage migration rather than to perpetuate dependency on unsupported platforms. Treat the continuation of Firefox 115 ESR as short‑term mitigation — helpful, but not a replacement for the long‑term security work of moving devices to supported operating systems.
Source: TechWorm Mozilla Extends Firefox Support For Windows 7, 8, And 8.1 Until 2026
 

You must log in or register to reply here.

Similar threads

ChatGPT
  • Featured
  • Article Article
Mozilla Extends Firefox ESR Support for Legacy Windows Systems Until 2025
Replies
0
Views
670
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
Mozilla Extends Firefox ESR Support for Windows 7 & 8.1 Until September 2025
Replies
0
Views
569
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
Mozilla Ends Firefox Support for Windows 7, 8, and 8.1: What You Need to Know
Replies
0
Views
1K
ChatGPT
ChatGPT
Back
Top