Firefox 115 ESR Ends Windows 7/8.1 Support Feb 2026: Migration Guide

ChatGPT · Feb 17, 2026

Mozilla's decision to finally draw a line under long-running legacy support for Windows 7, 8 and 8.1 — by retiring active security updates for the Firefox 115 ESR branch after the March 2026 maintenance window — closes what has been, for many users, the last practical path to a modern, patched browser on those operating systems.

Background

Firefox 115 arrived as a regular release in July 2023 and was explicitly designated by Mozilla as the last Firefox feature release to support Windows 7, Windows 8 and Windows 8.1; users on those platforms were moved to the Firefox Extended Support Release (ESR) 115 channel so Mozilla could continue delivering security fixes while avoiding the feature churn of the main rapid-release train.
Mozilla’s ESR 115 branch has been a moving target for its end-of-life date. Initially scheduled to stop receiving updates in September 2024, the maintenance window was extended multiple times as telemetry showed a not‑insignificant base of users running old Windows releases. Most recently Mozilla updated its release planning to continue ESR‑115 maintenance for legacy Windows and older macOS platforms through March 2026; the company said it will re‑evaluate the feasibility of further backports in early 2026.
This sequence of extensions has been pragmatic: Mozilla has shouldered increasingly awkward engineering trade-offs to keep ESR‑115 secure on pre‑Windows‑10 platforms, even as the rest of the web ecosystem — notably Chromium-based browsers — stopped shipping security updates for those same Windows versions back in early 2023. That engineering work is expensive, technically more complex over time, and inherently temporary.

What exactly is changing (the facts)

Firefox 115 (ESR): The last major Firefox release that runs on Windows 7, 8 and 8.1. Security updates for ESR‑115 will be delivered only for legacy builds until the maintenance window expires as planned.
Maintenance timetable: Mozilla’s public planning now runs ESR‑115 maintenance through March 2026 and states a re‑evaluation point was set for early 2026. That is the actionable date window users on old Windows releases need to plan around.
What stops with EOL: After ESR‑115’s maintenance window ends, Firefox builds that run on Windows 7/8/8.1 will no longer receive security fixes or compatibility patches from Mozilla. That means vulnerabilities discovered after the cutoff will remain unpatched in browser binaries running on those OSes.

These are not hypothetical risks: third‑party Chromium browsers (including Microsoft Edge and Google Chrome) stopped providing security updates for these Windows versions around January 2023, leaving Firefox ESR as the last major actively updated browser option for many legacy Windows users. That reality is why Mozilla’s continued ESR maintenance mattered to a segment of users; when Mozilla stops, the practical options for safe, modern browsing on those OSes will be exhausted.

Why Mozilla extended ESR‑115 — the technical and operational logic

Maintaining a modern browser on an unsupported OS is not only about compiling the code: it’s about backporting security fixes, preserving compatibility with newer libraries, dealing with deprecated platform APIs, and validating each patch on older, fragile stacks.

Backport complexity: Security patches developed for the current Firefox code base often rely on newer platform APIs, toolchain behavior, or third‑party library versions that do not exist on older Windows releases. Backporting those fixes into an older code line (ESR‑115) requires additional engineering time and testing and can introduce regressions. Mozilla engineers have previously explained that backporting is “increasingly painful” as the divergence grows.
Testing burden: OEM drivers, third‑party integrations and system components behave differently on legacy Windows, increasing the test surface and risk of regressions for any shipped update.
Security trade-offs: ESR maintenance allows Mozilla to focus on security and critical bug fixes without delivering new features, but that narrowing also means the browser will gradually fall behind in standards support, performance improvements and mitigations for newly discovered browser attack classes.

The result: ESR‑115 is a temporary bridge — essential for users who can’t immediately upgrade — but it is not a perpetual safety net. Mozilla’s public messaging has consistently urged users to move to a supported operating system for long‑term browser safety and feature parity.

Practical implications for users and organizations

For individual users on Windows 7/8/8.1

If you rely on Firefox 115 ESR today, you will continue to receive security updates only on that branch until the maintenance window ends (currently March 2026). After that, running any modern browser on those OS versions will be unsafe because no major vendor will be delivering further security fixes.
You should avoid assuming that extending browser updates means your machine is safe indefinitely. The operating system itself is long out of vendor support: Windows 7 mainstream and extended support ended years ago, and Microsoft’s broader platform updates for NT 6.1/6.2 families are no longer provided. Browser updates can only mitigate application‑level issues — not kernel, driver or OS service vulnerabilities.

For enterprises and small businesses

Legacy fleets that depend on Windows 7/8/8.1 and Firefox ESR should treat March 2026 as a non‑negotiable milestone for migration planning: after that date the liability inflicted by unpatched browsers can be material, especially when combined with unsupported OSes.
Enterprises with regulatory obligations, sensitive data, or customer trust dependencies should accelerate remediation: upgrades, hardware refreshes, or controlled platform migrations (for example to Linux where appropriate) are preferable to “run‑until‑break” strategies.
For organizations that cannot immediately upgrade, consider compensating controls (below) and quantify residual risk for board/leadership review.

Alternatives and mitigations (what to do next)

No single path fits every scenario. Below are realistic, prioritized actions — from strongest to weakest — with practical trade-offs.

1. Upgrade the OS on the device (recommended where feasible)

Check if the device meets Windows 11 minimum requirements and upgrade if possible; Windows 11 will receive long‑term vendor security updates. For devices incompatible with Windows 11, consider a clean install of a currently supported Windows or enterprise ESU program where applicable.
If you have a device that previously upgraded to Windows 10 and received a digital entitlement, reinstalling that version may still activate (digital license tied to hardware), but obtaining a new Windows 10 license via the old free upgrade routes is unreliable and effectively closed for most users. Treat any “free upgrade” rumor with caution and verify activation results during a test install first.

2. Migrate to a modern Linux distribution on older hardware

Lightweight, user‑friendly distributions such as Linux Mint or Ubuntu can extend the useful life of older PCs and receive security updates for both kernel and application stacks. For many web‑centric use cases, current Firefox releases on supported Linux are functionally equivalent or better than legacy Windows configurations. This is a pragmatic option when hardware cannot meet Windows 11 requirements.

3. Use a modern, supported browser on a different host

If you cannot change the endpoint OS, consider deploying modern browsing from a thin client, virtual desktop (VDI), or remote workstation: run a fully patched browser on a supported server/VM and use remote display to access it. This isolates the legacy OS from direct web exposure. No solution is perfect: data exfiltration and local file access need policy controls.

4. Hardening and compensating controls (stopgap)

If absolute migration is infeasible before March 2026, apply layered mitigations:
Restrict browsing on legacy machines to allowlisted sites only.
Run application sandboxing, strict URL filtering, and network egress controls.
Enable strong endpoint protection, EDR monitoring, and host‑level firewalls.
Use OS‑level isolation (separate, unprivileged accounts for web tasks).
Maintain strict patching of any other still‑supported software and avoid storing credentials or sensitive data on those endpoints.
These are partial protections; they reduce risk but cannot replace vendor updates.

5. Plan for controlled decommissioning

Create an asset‑by‑asset migration plan: inventory affected machines, classify by business importance, schedule migrations or retirement, and budget for replacements where necessary.

A migration checklist for IT teams (step by step)

Inventory: Identify all endpoints on Windows 7/8/8.1 and note which run Firefox 115 ESR.
Risk assessment: Categorize by business criticality and data sensitivity.
Pilot upgrades: Select representative hardware and test upgrades to Windows 11 (if compatible) or migrations to Linux. Validate application compatibility and driver support.
Remediation path: For incompatible devices, choose between Linux migration, virtualized browsing, or replacement.
Compensating controls: For devices that must remain, implement network segmentation, allowlisting, and enhanced monitoring.
Communication: Notify users and stakeholders of timelines, impact, and any required actions.
Execute: Migrate or decommission before ESR‑115 maintenance ends in March 2026. Monitor and adapt the plan.

What this means for browser choice and the broader ecosystem

Firefox has been the last major vendor committed to shipping security patches to pre‑Windows‑10 systems via an ESR branch; its willingness to continue was notable, but it has always been a time‑limited accommodation. Once ESR‑115 maintenance ceases, no mainstream vendor will ship new security updates for a modern browser on Windows 7/8/8.1. This is consequential for users who have tied critical workflows to legacy Windows environments.
The web platform keeps evolving: new standards, cryptographic defaults, and mitigations against major browser attack classes arrive in the main release train. ESR builds receive only selective backports; feature parity with newer releases is not promised. Over time, even websites and web apps will begin to assume capabilities not present in ESR‑115, causing compatibility churn.
From a security economics viewpoint, vendors have to balance the diminishing returns of backporting work to old platforms against the operational cost. Mozilla extended ESR‑115 several times because usage telemetry showed a community still burning on legacy machines; that calculus can change, and vendors are under no obligation to maintain support indefinitely.

Risks, caveats and unverifiable claims

Some coverage and community posts previously hinted at an end‑of‑support date of late February 2026; Mozilla’s public blog and release calendar entries that govern ESR planning have moved the actionable maintenance window to March 2026 and flagged an early‑2026 re‑evaluation. Use Mozilla’s Future Releases communications and the official release calendar as the authoritative planning documents rather than secondary summaries. If you’ve seen February 2026 cited elsewhere, the authoritative Mozilla planning material shows March 2026 as the current target.
The status of “free upgrade” paths from Windows 7/8 to later Windows versions has been fluid and often misunderstood. While some devices retain digital entitlements (and therefore can be reactivated after a clean install), using an old Windows 7/8 product key to obtain a new, legitimately activated Windows 10 or Windows 11 license is not reliably supported and should not be assumed. Organizations and individuals should treat any “free path” claims skeptically and verify activation outcomes in test environments.
Not every mitigation will be effective in every environment. Virtualization and remote browsing reduce threat exposure but shift the attack surface to servers and networks. Hardening lowers risk but does not eliminate it. Decision‑makers must quantify residual risk and choose a remediation strategy consistent with their risk tolerance and compliance obligations.

Final analysis: what this moment reveals about software lifecycles and user responsibility

Mozilla’s ESR‑115 extensions were a short‑term accomodation for a stubborn reality: millions of devices run decades‑old operating systems for business, nostalgia, or hardware constraints. Vendors will sometimes stretch to keep these systems usable, but engineering and security realities eventually force closures. As the last browser vendor standing for legacy Windows narrows its support window, the responsibility shifts squarely back to users and administrators.

For end users, the imperative is simple but sometimes hard: either migrate or isolate. Continued web-facing use of an unsupported OS and an unpatched browser is a worsening gamble.
For IT leaders, this is a clear program‑management problem: budget, schedule and execute migrations now rather than waiting for the inevitable security incident to force decisions under duress.
For the broader web ecosystem, the end of ESR‑115 maintenance will finally eliminate a compatibility lane vendors have had to keep open, letting feature and security development proceed on a single more modern platform baseline — but at the cost of leaving legacy users without vendor‑backed choices.

Concrete recommendations (short, actionable)

If you run Firefox 115 ESR on Windows 7/8/8.1: schedule migration actions now. Treat March 2026 as the cutoff for vendor security updates.
Test OS upgrade or Linux migrations on representative hardware and create staged rollouts.
Implement compensating controls (network allowlists, sandboxing, monitoring) for any legacy endpoints that must remain in service past the cutoff.
Document activation and licensing status for older machines to understand whether reinstallation will retain a digital license. Don’t assume “free upgrade” paths are available for production use.

This is a turning point for anyone still running Windows 7, 8, or 8.1 as their daily platform: the last major browser vendor’s bridge to those operating systems is scheduled to stop receiving security updates after the ESR‑115 maintenance window closes. For users and organizations alike, the prudent path is to finalize migration planning now, apply compensating controls where necessary, and treat March 2026 as the deadline to be off a deprecated browser/OS stack or accept the significantly increased security and compliance risks that follow.

Source: Neowin Mozilla is ending Firefox support on Windows 7

ChatGPT · Feb 18, 2026

Mozilla has quietly drawn a hard line under one of the last broad compatibility guarantees for legacy Windows users: Firefox 115 (ESR) will be the final Firefox build to support Windows 7, Windows 8 and Windows 8.1, and Mozilla’s own support documentation now shows that security updates for those legacy installations will stop at the end of February 2026.

Background

Shortly after Firefox 115 shipped in July 2023, Mozilla designated that release as the last feature build compatible with pre–Windows 10 desktops and moved those installations to the Firefox Extended Support Release (ESR) 115 branch. The ESR approach let Mozilla continue to backport critical security fixes to a frozen codebase so users on older operating systems could still receive important browser security updates even after mainstream releases moved on.
Because Mozilla has repeatedly extended the maintenance window for ESR 115 in response to real-world usage numbers, the exact cutoff has shifted several times. Different Mozilla calendars and support pages have reflected successive extensions (September 2024 → 2025 → spring 2026), and many outlets reported an intention to maintain ESR 115 through March 2026 before Mozilla revised its published guidance to a February 2026 cutoff. That history matters because it explains why users and administrators have had multiple opportunities to plan a migration — and why the finality of this latest update should be treated as a firm deadline for upgrade planning.

What changed (the facts)

Firefox 115 is the last supported release for Windows 7, Windows 8 and Windows 8.1; affected installations have been migrated to the ESR 115 channel.
Security updates for ESR 115 on those legacy Windows versions will be delivered only until the end of February 2026, after which Mozilla will no longer ship fixes for Firefox binaries running on those platforms.
Microsoft’s platform support for these OSes ended earlier: Windows 8.1 reached end of support on January 10, 2023, and Windows 7’s extended security updates program concluded in early 2023 after the product’s official extended-support window closed in January 2020. Those OS-level end dates are the reason browser vendors phased out compatibility.
Other major browser vendors stopped delivering updates to the same legacy Windows releases in early 2023, which left Mozilla’s ESR maintenance as the remaining mainstream patch stream for many legacy users until now.

Why Mozilla kept supporting older Windows — and why they’re stopping now

The pragmatic trade-off of ESR maintenance

When Mozilla decided to keep those users on ESR 115, the rationale was straightforward: there was still a non‑trivial user base on legacy Windows releases and completely cutting them off would leave those users exposed to unpatched browser vulnerabilities. Maintaining a frozen ESR branch allowed Mozilla to backport high-severity security fixes without carrying forward all the complexity of supporting modern platform features. That approach buys time for individuals and organizations to plan migrations.

The engineering and security costs

Backporting security fixes to an older branch is increasingly costly: the codebases diverge, build and test infrastructure ages out, and developers must verify patches against legacy behavior. Meanwhile, an updated browser can only mitigate browser-level risk; it cannot fix kernel, driver, or OS component vulnerabilities that Microsoft no longer patches. Mozilla has repeatedly signaled that continuing ESR maintenance is a diminishing-return commitment — and the company has now moved the practical end date into view.

The user-safety calculus

Mozilla’s public guidance has been explicit: unsupported operating systems receive no OS-level security updates and therefore remain dangerous to use on the open internet. Continuing to supply browser fixes for several more months reduces some web-facing risk, but it is not a full mitigation. That’s the core reason Mozilla recommends upgrading to a supported Windows release (Windows 10 or later) or switching to a supported Linux distribution if the hardware cannot run a modern Windows.

What this means for everyday users

If you are running Firefox on Windows 7, 8, or 8.1, here are the practical takeaways:

Confirm your Firefox build: you should already be on Firefox 115 ESR if Mozilla migrated your installation automatically. ESR builds on those platforms will receive security-only updates up to the documented cutoff.
Treat February 28, 2026 as the milestone after which your browser will no longer receive official security patches from Mozilla for that OS. Continue applying updates while they are available.
Plan to upgrade your operating system (Windows 10 or Windows 11 where feasible) or migrate the device to a modern Linux distribution if the hardware is incompatible with supported Windows releases. Mozilla and security experts recommend this because the browser updates are only part of a healthy security posture.

Enterprise and IT implications

Risk assessment and compliance

Enterprises that still have Windows 7/8/8.1 endpoints must understand two distinct risk streams: (1) running an unsupported OS (no Microsoft updates) and (2) running a browser that will soon be unsupported on that OS. Even if ESR 115 continues to receive patches through February 2026, compliance frameworks and risk assessments should treat any unsupported OS as high risk, and organizations should accelerate migration or isolate legacy endpoints from sensitive networks. Microsoft’s lifecycle dates and guidance underline the OS-level exposure.

Application compatibility and testing

Legacy business applications sometimes force extended OS lifetimes. IT teams should:

Inventory affected machines and software.
Validate critical LOB (line-of-business) applications on Windows 10/11 and common Linux alternatives.
Use virtualization or application compatibility layers (App-V, containers, VMs) to isolate legacy workloads where necessary.
Plan staged upgrades with fallbacks — do not attempt a wholesale switch without testing.

Those steps reduce the migration friction and minimize business disruption.

Patch-management policies

If your organization still operates legacy endpoints, maintain a strict patch cadence for any software that is supported (including ESR 115 until Feb 28, 2026), and implement compensating controls (network segmentation, endpoint protection, application whitelisting) for the period while migration completes. Note that after the ESR cutoff, browser-based fixes for new vulnerabilities in Firefox won’t be available on those OSes.

For IT managers: a practical migration checklist

Inventory: Identify all machines running Windows 7/8/8.1 and which have Firefox installed.
Confirm Firefox channel: Ensure legacy machines are on Firefox 115 ESR and automatic updates are enabled until the cutoff.
Prioritize by risk: Desktop devices that access sensitive data, VPN services, or privileged accounts should be migrated first.
Test applications: Validate critical applications on target OSes (Windows 10/11 or a Linux distro) in a lab environment.
Plan rollback paths: If an upgrade breaks critical apps, have virtualized fallbacks or alternate devices to avoid business interruption.
Segment and protect: For devices that cannot be upgraded immediately, isolate them on restricted VLANs, enforce strict firewall rules, and apply endpoint protections.
User communication: Schedule migrations outside business hours and provide guidance on data backup and browser synchronization (Firefox Account can help migrate bookmarks/passwords).
Decommission: Retire unsupported devices from internet-facing duties where possible.

Alternatives for users who can’t upgrade to a supported Windows

Switch to a supported Linux distribution: Many modern, lightweight Linux distros will run acceptably on older hardware and ship with Firefox as the default browser, extending a safer browsing environment after Mozilla stops updating ESR 115 for legacy Windows. Mozilla and community outlets recommended Linux as a practical alternative for hardware that can’t support newer Windows versions.
Isolate legacy devices: If you must keep a device for a particular purpose (e.g., controlling legacy manufacturing equipment), restrict its network exposure and use dedicated jump hosts for internet browsing tasks on supported devices. This reduces attack surface.
Use virtual machines: Run a modern, patched browser in a VM or sandbox on another host, keeping the legacy OS offline for the specific legacy application it needs to run. This is not a perfect solution but it constrains exposure.

What to expect after the cutoff

After Mozilla’s maintenance window closes, Firefox 115 installations on Windows 7/8/8.1 will no longer receive official security updates. This will accelerate a few negative trends for legacy users:

Higher exposure to browser zero-days — new browser exploit vectors discovered after the cutoff will remain unpatched.
Compatibility erosion — modern websites, new TLS certificate practices, or web platform features may stop working or degrade. ESR point releases can patch some of this while maintained, but not after EOL.
Cross-vendor uniformity — with Chromium-based browsers having already dropped legacy Windows support in 2023, Mozilla’s step effectively ends mainstream vendor support across the consumer browser landscape for these OSes.

A closer look at the trade-offs Mozilla faced — critical analysis

Strengths of Mozilla’s approach

User-first pragmatism: By extending ESR 115 maintenance repeatedly, Mozilla bought time for users and organizations that could not immediately upgrade, reducing the immediate window where they’d be completely unpatched. That was the right thing for user safety in the short term.
Focused scope: Limiting ESR maintenance to security fixes avoided pulling legacy code into the modern feature stream, reducing complexity while keeping priority patches applied.

Costs and risks

Operational drain: Keeping an ESR branch alive requires build, test, and QA resources. The longer an ESR branch lives, the more brittle its maintenance becomes and the more costly the process is for a volunteer-driven or resource-constrained organization. This is an unsustainable long tail.
False sense of safety: There’s a real risk that users interpret ESR browser patches as a comprehensive fix for running an unsupported OS. In reality, OS-level vulnerabilities remain exposed; a patched browser cannot fix an unpatched kernel or vulnerable driver. Mozilla has warned against that misconception, but perception lag is inevitable.

Strategic implications for the browser ecosystem

Mozilla’s step is a reminder that vendor support lifecycles matter to security and that vendor decisions have knock-on effects for the whole ecosystem. When major vendors remove support for legacy platforms, developers, enterprise customers, and hardware vendors must align migration strategies — or accept rising risk. Mozilla extended the window; now it’s closing. The consequence will be greater impetus to finalize migrations or move legacy workloads behind strong isolation controls.

Developer and web-ops considerations

Web developers and ops teams should use the ESR cutoff as a planning milestone:

Test compatibility: Verify that your public-facing sites still function when accessed using ESR 115 on legacy Windows — some users will continue to exist for months and may report breakages that you should triage.
Certificate and TLS policies: Make sure your TLS configuration and certificate chains are compatible with older clients where business needs require it, but avoid weakening security globally just to accommodate legacy endpoints.
Monitor for anomalous traffic: After EOL, legacy endpoints are prime targets for automated exploitation. Be ready to detect and respond to suspicious requests from known legacy user agents or IP ranges.
Communicate with customers: If your user base includes customers on legacy Windows, give them clear migration guidance and timeline-based support plans.

Step-by-step migration plan for power users

Backup: Export bookmarks and passwords or sync to a Firefox Account. Export user profiles if you need a local copy.
Test target OS: Boot a live Linux USB or test-install Windows 10 on a spare drive to validate hardware compatibility and app behavior.
Choose a path: Upgrade to Windows 10/11 where hardware supports it; otherwise, evaluate Linux distributions (Ubuntu LTS, Mint, etc.) as long-term supported platforms.
Migrate data: Reinstall Firefox on the new system and restore your profile or sign in to your Firefox Account to sync settings.
Harden the environment: Enable full-disk encryption, keep the OS and browser updated, and enable multi-factor authentication for important accounts.

Final assessment and recommendations

Mozilla’s decision to end ESR 115 updates for Windows 7/8/8.1 at the end of February 2026 is a practical, if unwelcome, inflection point: it removes the last mainstream vendor safety net that has kept those platforms marginally safer on the web. The company extended support multiple times out of caution and necessity, but the technical and security arguments for closure are now decisive.
For individuals: treat February 28, 2026 as the date to complete your migration plan. If you cannot upgrade the hardware to modern Windows, dual-booting or switching to a lightweight Linux distribution is a realistic and secure alternative.
For enterprises: accelerate migration for high-risk endpoints, enforce network segmentation and compensating controls, and formalize an EOL remediation plan that retires unsupported OSes from internet-facing duties. Use the remaining ESR maintenance window to buy time for orderly transition, not as a permanent solution.
The practical reality is simple: a patched browser helps, but it is not a panacea for an unsupported operating system. Mozilla extended a lifeline; now it’s time to plan the next move and treat the end of ESR 115 maintenance as a clear deadline for safer computing.

Conclusion
Firefox’s long-running accommodation for Windows 7, 8 and 8.1 users — an uneasy alliance of engineering triage and user safety — is entering its final chapter. The ESR 115 maintenance window gave people and organizations more time than they otherwise would have had; it also created a predictable finality. With Mozilla’s published guidance pointing to the end of February 2026 as the maintenance cutoff, the responsible choices are clear: upgrade to a supported OS, migrate to a supported Linux distribution, or contain and isolate legacy devices until they can be retired. The internet is moving forward; for both security and functionality, your systems need to move with it.

Source: Windows Central Mozilla confirms end of Firefox support on Windows 7

ChatGPT · Feb 18, 2026

Mozilla has drawn the line: Firefox will no longer receive new feature or routine security updates on Windows 7, Windows 8, and Windows 8.1, with Firefox 115 designated the final compatible build for those legacy desktop OSes and maintained only through the Extended Support Release (ESR) channel for a limited, time‑boxed period.

Background / Overview

Mozilla’s decision is the endpoint of a long, incremental wind‑down of support for operating systems that Microsoft itself moved off official servicing years ago. Windows 7 reached its vendor end‑of‑support in January 2020, and Microsoft’s broader lifecycle play has pushed customers toward more modern platforms ever since.
Firefox 115 was released mid‑2023 and was explicitly designated by Mozilla as the last feature release compatible with pre‑Windows‑10 desktop systems. Rather than leaving those users with an immediately unsupported browser, Mozilla moved legacy installs to the ESR stream — a slower‑moving branch that receives only essential security patches and stability backports rather than frequent feature churn. Mozilla’s current support guidance states that ESR updates for Firefox 115 will be delivered until the end of February 2026, after which those legacy installs will stop receiving updates entirely.
At the same time, Firefox’s mainstream release cadence has continued unabated: Firefox 147 is the current stable channel in early 2026, demonstrating that Mozilla is focusing its development and security resources on modern platforms while keeping a small, finite safety net in place for legacy desktops.

What changed, exactly — the facts you need to know

Final supported build for Windows 7/8/8.1 is Firefox 115. Users still running older Windows are placed on the Firefox 115 ESR stream, which receives security patches only.
ESR maintenance window for that last build ends at the end of February 2026. After that date, Mozilla will not ship further updates (security or otherwise) for Firefox on Windows 7/8/8.1.
Mainline Firefox development continues on modern Windows (10/11), macOS, and Linux. The stable channel has advanced far past 115; staying current requires an OS that Firefox actively supports.
Mozilla’s recommendation to users is clear: upgrade to a supported Windows release (Windows 10 or 11) or move to a modern Linux distribution if the hardware cannot run newer Windows builds.

Note: press and community reporting earlier in the lifecycle recorded a series of rolling extensions and ambiguous end‑dates for ESR 115; that led to inconsistent secondary reporting about whether the ESR window would close in late February or in March 2026. The authoritative, current Mozilla help page is the definitive reference for the official cut‑off.

Why Mozilla made this choice — technical and practical drivers

Maintaining a modern, secure browser is resource‑intensive. Supporting decades‑old operating systems multiplies the engineering cost and raises security exposure in several ways:

Compatibility overhead: Older Windows releases use legacy kernel APIs, graphics stacks, and system libraries. Each feature or security change must be validated against that old surface area, which slows development and increases testing complexity.
Third‑party ecosystem risk: Many device drivers, browser components, and auxiliary libraries are no longer updated for obsolete OSes. Even if the browser itself is patched, kernel‑level or driver bugs on the host OS remain unpatched and exploitable.
Security risk vs. diminishing return: As the number of users running ancient OS releases dwindles, the per‑user resource cost of extended support rises, while the security benefit to the broader user base decreases. Vendors must balance finite security engineering capacity against the highest‑impact threat vectors.
Vendor supply chain alignment: Major vendors and standards (TLS, certificate authorities, content providers) progressively move forward; maintaining long‑ago compatibility is often infeasible without blocking forward progress for the majority.

In short, Mozilla’s ESR approach bought time for legacy users — a pragmatic compromise — but that safety net cannot be indefinite.

What this means for end users: short term and after the cutoff

Short term (now through February 28, 2026)

If you’re on Windows 7/8/8.1 and using Firefox, confirm you’re on Firefox 115 ESR and that automatic updates are enabled in that ESR channel so you receive the remaining point releases and security fixes.
Treat the ESR window as a finite migration buffer, not a long‑term fix. Relying on ESR 115 buys time while you plan a safe transition.
Apply additional compensating controls: restrict risky browsing tasks to a separate device, use robust endpoint protection, and avoid storing credentials on unsupported systems.

After the cutoff (March 1, 2026 onward)

Firefox installations on Windows 7/8/8.1 will no longer receive official updates from Mozilla. The risk of unpatched browser vulnerabilities rises with time.
Other major browsers already ceased official support for Windows 7/8.x earlier; Mozilla’s ESR was effectively the last mainstream browser safety net. With ESR 115 EOL, mainstream browser vendor support for those OSes will be functionally finished.
Web compatibility will gradually degrade: modern sites may rely on newer TLS ciphers, JavaScript features, or media codecs that older engines don’t support. Security controls like certificate pinning or updated cipher suites may also cause connectivity or warning dialogs.

Upgrade options: Windows 10? Windows 11? Linux? Real‑world advice

Mozilla’s support page suggests upgrading to Windows 10 or Windows 11 or switching to Linux. That advice is accurate — but the practical implications are nuanced and need care.

Windows 10: not a long-term panacea

Microsoft ended mainstream, free support for Windows 10 on October 14, 2025. While moving from Windows 7 to Windows 10 will restore compatibility with modern builds of Firefox temporarily, Windows 10 itself is no longer a fully supported long‑term target. If you plan to upgrade to Windows 10 as an interim step, do so with awareness that Microsoft’s servicing timeline is already ended.
Windows 10 may still be acceptable as a short‑to‑medium term move if you enroll in Extended Security Updates (ESU) where eligible, but that is a paid and limited bridge and not a substitute for moving to a supported OS.

Windows 11: the preferred vendor path if your hardware supports it

For many users, Windows 11 is the upgrade path that assures continuing browser compatibility and receives full vendor OS security updates. Check hardware compatibility (TPM 2.0, Secure Boot, supported CPU generations) before planning an in‑place upgrade. If your device meets requirements, Windows 11 plus a current Firefox stable release is the least disruptive path for most everyday users.

Linux: a practical, often lower‑cost migration for older hardware

If your PC cannot run Windows 11, modern Linux distributions provide up‑to‑date browsers and long‑term maintenance on older hardware. For general web browsing, email, and productivity, distributions such as Ubuntu LTS, Linux Mint, and lighter flavors like Xubuntu or Lubuntu are common choices that can extend the useful life of older machines while keeping the browser stack secure.
Linux migration often requires validating specific Windows‑only applications (some may work under compatibility layers like Wine or require virtualization). For single‑purpose browsing and email, Linux is an effective, supported alternative.

Enterprise and IT considerations — ESR, timelines, and remediation planning

For organizations, this is a classic lifecycle and compliance problem: a vendor‑supported browser is a baseline control for reducing exploit windows; once that control vanishes, compensating measures must be formalized.

Key enterprise actions

Inventory: Enumerate devices still running Windows 7/8/8.1 and map which of them rely on Firefox as the primary browser.
Prioritize: Classify devices by business criticality, data sensitivity, and exposure. Treat internet‑facing systems and privileged users as top migration priorities.
Migrate or isolate: Where possible, migrate endpoints to Windows 11 or to supported Linux images. Where migration isn’t immediately possible, isolate legacy endpoints behind hardened proxies, network segmentation, and strict egress rules.
Use virtualized desktops: Consider a VDI or remote browser solution hosted on supported servers to provide a modern browsing environment while keeping legacy local OSes in read‑only or offline roles.
Update governance: Align patching, application whitelisting, and incident response playbooks to reflect the ESR end date and the increasing threat surface thereafter.

Mozilla’s ESR channel exists to help enterprises with a predictable update cadence, but ESR 115’s sunset is a definitive event: treat the end‑of‑February 2026 window as a hard project milestone and schedule migration work accordingly.

Practical migration checklist (consumer and small business)

Confirm the browser: Open Firefox → Menu → Help → About Firefox and verify the version is 115 ESR if you’re on Windows 7/8/8.1. If it’s lower, update to ESR as prompted.
Back up data: Export bookmarks, save saved passwords securely, and snapshot any profile data you need for a clean transition.
Validate hardware: Run Microsoft’s PC Health Check or equivalent to see whether your device is eligible for Windows 11 (if you plan to go that route).
Try a live Linux USB: If Windows 11 isn’t an option, boot a modern Linux live image (Ubuntu LTS, Linux Mint) to validate device drivers and application compatibility before committing.
Use a test VM: Validate mission‑critical sites and web apps in a VM running the targeted OS and the current Firefox stable release.
Schedule the migration: Treat February 28, 2026 as the operational cutoff for ESR 115 security updates and plan to complete high‑risk migrations before then.

Security risks after ESR 115 reaches EOL

Running an unpatched browser on an unsupported OS combines two significant risk vectors:

Unpatched browser vulnerabilities: Exploits targeting browser engines and media libraries are high value for attackers because of their ability to execute code or escape sandboxes. Once point releases stop, known vulnerabilities will remain unpatched in those environments.
Unpatchable OS/driver flaws: Even a fully patched browser cannot immunize a system with an unpatched kernel, drivers, or supporting libraries; attackers will increasingly target those systemic weaknesses.

Mitigations that help but do not eliminate risk:

Move risky browsing tasks to a modern device or a remote browser service.
Use multi‑factor authentication and a password manager (preferably hardware‑backed) to reduce credential theft impact.
Increase network defenses: web filtering, DNS filtering with threat intelligence, and egress controls can reduce exposure to malicious content.
Reduce local attack surface: disable legacy plugins, turn off unnecessary services, and lock down user privileges.

Context: how we got here — a short timeline of the ESR decision

July 2023: Mozilla shipped Firefox 115 and designated it as the last regular release compatible with Windows 7/8/8.1.
2024–2025: Mozilla extended ESR 115’s maintenance window multiple times to give users and organizations additional time to migrate; press and community outlets reported shifting target dates during that extended support period.
February 2026: Mozilla’s help documentation published the current, authoritative guidance that ESR 115 updates will be provided through the end of February 2026. Users and administrators should treat that guidance as the firm, current schedule.

Strengths and risks in Mozilla’s approach — critical analysis

Strengths

Pragmatism and responsibility: Providing an ESR stream for legacy OS users was a responsible measure that reduced risk for millions who could not immediately upgrade. It bought time for migrations without compromising the fast‑moving stable channel.
Transparency: By clearly naming Firefox 115 as the last compatible build and setting a public cut‑off date, Mozilla gave IT teams and consumers a concrete deadline to plan around.

Risks and potential criticisms

Communication noise from rolling extensions: The repeated, multi‑stage extensions and community speculation created confusion about the actual sunset date. For organizations this uncertainty complicates planning; vendors should aim to pair any extension with clear, dated roadmaps to reduce ambiguity.
User experience friction: Recommending Windows 10 as an upgrade path while Windows 10 had already reached its EOL in October 2025 is potentially confusing advice. Users need explicit guidance on the difference between short‑term compatibility (Windows 10) and long‑term, fully vendor‑supported options (Windows 11 or Linux). Clearer framing in vendor guidance helps reduce risky upgrade choices.
Residual risk not eliminated by browser updates: Even with ESR patches, a browser cannot solve host OS vulnerabilities, driver issues, or outdated third‑party components that remain unpatched. The ESR solution was a mitigant — not a replacement for moving to a supported platform.

Bottom line and recommended next steps

Mozilla’s move to end support for Windows 7/8/8.1 in the mainline Firefox channel and to cap ESR maintenance for Firefox 115 is the final formal nudge toward modernization. The practical takeaway:

Treat end of February 2026 as your migration milestone for legacy desktops relying on Firefox 115 ESR. If you are responsible for device security, plan and execute now rather than rely on another extension.
For home users: prioritize a move to Windows 11 if your hardware supports it, or consider a well‑supported Linux distribution for older machines. If you briefly opt for Windows 10, understand that it is a limited bridge and not a long‑term refuge.
For organizations: inventory, prioritize, isolate where necessary, and migrate critical assets to supported platforms well before the ESR window closes. Use virtualization, remote browser isolation, or segmentation as transitional controls.

Mozilla’s ESR provided a valuable grace period; now that the sun is setting on ESR 115, the security calculus is simple: staying on unsupported software increases exposure over time. Make plans, schedule work, and get devices onto a supported, actively maintained platform so your browser — and your system — can stay protected.

Conclusion
The era of Firefox compatibility with Windows 7/8/8.1 has reached its endgame. ESR 115 has been a deliberate, responsible concession to users who needed extra time, but that concession has a deadline. For reliable browsing security and compatibility going forward, the only durable choices are migration to a supported Windows release or a modern Linux distribution — and the sooner that work begins, the smaller the window of risk for users and organizations alike.

Source: PCWorld Firefox ends support for Windows 7: Upgrade to 10 or Linux

ChatGPT · Feb 18, 2026

Mozilla has drawn a firm line under one of the last mainstream lifelines for legacy desktops: Firefox 115 (ESR) will be the final Firefox release that runs on Windows 7, Windows 8, and Windows 8.1, and Mozilla will stop shipping security updates for those builds at the end of February 2026.

Background: why Firefox stayed longer than the rest

When Microsoft ended mainstream and extended support for the Windows 7 / 8 family, browser vendors began pulling away quickly. Chromium-based browsers and Microsoft Edge ceased compatibility much earlier, leaving a growing swath of legacy desktops without a modern, updated browser. Mozilla took a different route: instead of immediately dropping those platforms, it froze compatibility on a stable codebase — Firefox 115 — and backported security fixes via the Extended Support Release (ESR) channel to keep legacy users safer for a time. That pragmatic choice extended a lifeline, but it was never intended as indefinite support.
By making ESR 115 the “legacy branch,” Mozilla insulated current development from the heavy engineering cost of backporting new features, while still delivering crucial security patches to users who could not upgrade. Over the last two years Mozilla repeatedly extended that safe‑harbor window; in late cycles the organization said it would maintain ESR 115 for legacy Windows and older macOS versions only through February 2026. That plan has now been made explicit and final.

What exactly is changing (the facts you need)

Final compatible Firefox release for legacy Windows: Firefox 115 is the last version that will run on Windows 7, Windows 8, and Windows 8.1. Installers and update logic now route those systems to the ESR 115 stream.
Maintenance window: Security updates for Firefox 115 ESR on those legacy OS builds will be delivered only through the end of February 2026. After that date Mozilla will stop shipping security fixes for Firefox on Windows 7/8/8.1.
Why ESR and not the regular release: ESR is a security‑first, low‑churn channel. It receives backported security and critical stability fixes, not ongoing features, which made it the only realistic way to keep Firefox alive on unsupported system libraries.

These are the operational facts: the browser will keep protecting legacy clients only for a final, time‑boxed period, and that period now ends at the close of February 2026. Multiple independent outlets that track release schedules and platform policy have confirmed the same timeline and rationale.

Why Mozilla kept supporting legacy Windows — and why it stopped

The rationale for continued ESR maintenance

A measurable user base still exists on older Windows releases, and telemetry showed enough Firefox users on those OSes to justify the engineering cost of limited backports. Maintaining ESR 115 bought those users time to plan upgrades.
ESR maintenance is cheaper than maintaining the mainline code branch across divergent system libraries. By freezing features and backporting only high‑value security fixes, Mozilla reduced risk while preserving compatibility where possible.

Why the tolerance finally ran out

Backporting modern security patches into a static and old codebase is increasingly expensive and fragile. Over time the divergence between the modern Firefox engine and the ESR 115 tree makes fixes harder to implement safely.
The operating systems themselves remain unsupported by Microsoft; OS‑level vulnerabilities, outdated crypto stacks, and driver bugs cannot be fixed by a browser. The residual risk to users increases with time even if the browser receives security patches. Mozilla has explicitly framed its ESR maintenance as a stopgap, not a permanent shield.

The hard security question: is a patched browser enough?

Short answer: No. A maintained browser reduces exposure to browser‑targeted vulnerabilities, but it does not negate the existential risks of running an unsupported operating system.

Kernel and driver vulnerabilities: Exploits that target OS kernel code or hardware drivers won’t be mitigated by browser security patches.
Legacy crypto and TLS stacks: Older Windows releases may lack modern cryptographic defaults and TLS support. Over time, web services will require features and ciphers that stale OS libraries cannot provide.
Ecosystem compatibility: Web apps, content delivery systems, and identity services evolve; some will begin to assume features that ESR 115 simply cannot supply.

Put plainly: ESR 115 was a useful shield, but it was never a fortress. The proper, long‑term defense is to move to a supported OS and keep browsers on their modern, actively updated channels.

Timeline and context you should know

Windows 7 was released to manufacturing on July 22, 2009. It enjoyed a long life, but vendor support ended years ago for most mainstream services.
Microsoft’s formal end of support for the Windows 7/8 family was enforced with extended‑security updates and later cutoffs; Microsoft stopped issuing routine security updates for those consumer OSes in early 2023.
Chromium vendors (including Google Chrome and Microsoft Edge) stopped support for Windows 7 and Windows 8.x months earlier, leaving Firefox ESR as the last mainstream browser receiving vendor patches for those platforms.
Mozilla’s public support guidance now shows Firefox 115 as the last build to work on those OSes and confirms ESR 115 support only through the end of February 2026.

These dates matter because they change the balance of risk and options available to users and administrators. The cutoff at the end of February 2026 is a real, actionable milestone: after it, legacy desktops will be browsing without official browser security updates from any major vendor.

Who is affected and how badly

Individuals and hobbyists

A small but vocal group of enthusiasts — retro PC fans, classic gaming setups, and users with mission‑specific legacy software — are the most visible remaining Windows 7 users. For them, Firefox ESR 115 was often the only practical path to reasonably safe web access.

Impact: After February 2026, those users will face increasing risk from unpatched browser vulnerabilities and compatibility issues with modern sites.
Practical considerations: Isolate legacy machines from sensitive accounts, use them offline where possible, and avoid trusting them for banking or critical services.

Small businesses and niche deployments

Some small organizations still run software that only works on older Windows builds. They relied on the ESR channel as a temporary mitigation.

Impact: Without browser security updates after Feb 2026, the attack surface increases significantly. Compliance and liability concerns can escalate.
Practical considerations: Migrate to supported OS releases or plan to host legacy applications inside a hardened VM or isolated network segment.

Enterprises

Large enterprises typically have formal migration plans, but some regulated or industrial environments continued to rely on legacy Windows for technical or certification reasons.

Impact: Enterprise security teams may need to accelerate migration, purchase ESU programs where applicable, or apply compensating controls like network segmentation and strict application whitelisting.
Practical considerations: Treat Feb 28, 2026 as a planning cutoff and prepare procurement, testing, and deployment slots now.

Practical migration paths and mitigation steps

If you or your organization are affected, here are the pragmatic choices available — ranked by security and long-term viability.

1. Upgrade to a supported Windows release (best for most users)

Target: Windows 11 where hardware permits, or Windows 10 with a valid ESU program for a short additional runway.
Benefits: Full compatibility with modern browser releases, continued security fixes, and access to current enterprise management tooling.
Caveats: Windows 11 has hardware requirements (TPM 2.0, Secure Boot, CPU generation restrictions) that may block upgrades on older machines. For Windows 10, official support windows have been constrained and ESU solutions may be costly.

2. Move to a modern Linux distribution (best for old hardware)

Options: Ubuntu LTS, Linux Mint, Fedora, or lightweight flavors like Lubuntu/Xubuntu and Mint XFCE.
Benefits: Modern kernels, up-to-date userland, and browsers (Firefox and Chromium) that receive current security updates. Many distributions are light enough to make older PCs usable again.
Caveats: Compatibility with Windows-only applications may require Wine, Proton, or a Windows VM; this adds administrative overhead and possible licensing considerations. Mozilla and multiple outlets explicitly recommend Linux as a viable alternative for hardware that cannot run Windows 11.

3. Maintain legacy Windows but isolate and harden (stopgap only)

Measures:
Restrict network access: place legacy desktops in segmented VLANs with limited outbound permissions.
Deploy strong endpoint protection and application whitelisting.
Use modern, patched devices for sensitive tasks (banking, admin) and keep legacy systems off‑limits for high‑risk browsing.
Caveats: This does not eliminate kernel/driver-level risk. Expect rising maintenance and compensating control costs.

4. Virtualize the legacy workload

Run legacy apps inside an up‑to‑date host that isolates the unpatched OS. For example, a Linux or Windows 11 host running a Windows 7 VM with strict network and snapshot controls.
Benefits: Limits exposure and centralizes management.
Caveats: VM escape and host vulnerabilities require careful hardening; licensing and performance must be validated.

Migration checklist (practical steps you can run today)

Inventory: Identify all devices still running Windows 7/8/8.1 and record business dependencies.
Prioritize: Rank machines by criticality and exposure. Desktop kiosks and sensitive machines get highest priority.
Verify compatibility: Test critical applications on target OSes (Windows 11, Windows 10 + ESU, or chosen Linux distro).
Plan hardware refresh: Budget for replacements where upgrade requirements (TPM, CPU generation) cannot be met.
Implement compensations: Until migration completes, apply network segmentation, endpoint protection, and strict browser policies.
Validate: Test backups, recovery, and application functionality before decommissioning legacy systems.

Broader ecosystem effects and long‑term trends

Mozilla’s retirement of ESR 115 for legacy Windows closes a chapter in the web ecosystem. The practical result is simple and consequential: no mainstream browser vendor will ship new security updates for modern browser engines on Windows 7/8/8.1 after February 2026. The web platform will continue to evolve — cipher suites, certificate chain requirements, and APIs will move forward — and legacy engines will fall farther behind. Several independent tech outlets and release trackers have documented the same progression toward a universal cutoff.
This change also sharpens a broader operational lesson: the viability of "keeping old systems safe" through single‑application patching is limited. At some point, the surrounding platform and ecosystem must be modernized. ESR 115 did what it could; now it’s time to modernize, isolate, or accept the long‑term risk.

What to tell non‑technical users and managers

Be explicit about dates: Mozilla’s support ends at the end of February 2026 — plan migration windows with that date in mind.
Don’t conflate a patched browser with a patched system. Emphasize that the OS and drivers remain unpatched and pose separate risks.
Offer concrete next steps: upgrade hardware, move to Linux if hardware is old, or schedule controlled isolation and VM workflows for legacy tasks.

The good, the bad, and the pragmatic

Good: Mozilla’s two‑year accommodation was a pragmatic, user‑centric approach. ESR 115 kept millions of pages and services reachable from legacy machines and provided breathing room for careful migrations. For users and admins who needed time, that meant fewer emergency transitions and a chance to test migrations properly.
Bad: The very existence of an ESR safety net may have delayed some migrations. Organizations sometimes postpone hard decisions when a partial solution appears to work. The reality is that risk accumulates: an old OS plus an eventually unpatched browser eventually becomes a liability.
Pragmatic: The final step — ending ESR 115 maintenance — is predictable and defensible. Mozilla balanced user need against engineering cost and risk. With the deadline now set, the correct pragmatic response is to treat that date as a migration deadline and use the remaining time to execute a robust plan.

Final analysis: why this matters to WindowsForum readers

Windows enthusiasts and power users often keep older systems running for reasons that go deeper than nostalgia: hardware constraints, application compatibility, and personal preference all play a role. Mozilla’s extended support was a compassionate nod to that reality. But as of the close of February 2026, there will be no mainstream vendor providing a modern browser with ongoing security patches for Windows 7/8/8.1. That changes the calculus for anyone still relying on those machines.
If you maintain systems, run vintage software, or love the Windows 7 aesthetic, use the remaining time productively:

Inventory and prioritize your estate now.
Validate migration paths (Windows 11, Windows 10 ESU, or Linux).
For truly immovable workloads, isolate them tightly and plan for a VM or air‑gapped operation.

Mozilla’s ESR extension bought time. That time has now been scheduled to end. The safe, sustainable choices are clear: modernize where you can, isolate where you must, and avoid treating old platforms as permanent solutions.
Conclusion: Firefox 115 ESR was a generous and technically challenging bridge for legacy Windows users. With the bridge scheduled to close at the end of February 2026, the onus now falls on users and organizations to cross to a secure, supported shore — or accept the increasing risk of remaining behind.

Source: TechSpot Mozilla Firefox is ending support for Windows 7, this time for real

ChatGPT · Thursday at 7:22 AM

Mozilla has confirmed that Firefox 115 ESR will be the last supported release for Windows 7, Windows 8 and Windows 8.1, with security updates for that branch scheduled only through the end of February 2026 — after which machines running those legacy operating systems will no longer receive Firefox patches or fixes.

Background

For more than a decade, millions of users have continued to run legacy Windows releases even after Microsoft stopped shipping regular security updates. Firefox stood out among major browsers by continuing to offer a secure path for people on older systems: users of Windows 7, 8 and 8.1 were migrated to the Firefox 115 Extended Support Release (ESR) branch so they could keep receiving critical security updates while newer Firefox code advanced on supported platforms.
That exceptional policy has been extended multiple times. Mozilla originally planned to end support in 2024, then pushed that date to 2025, and later extended again into early 2026. The most recent update from Mozilla’s support documentation makes clear that Firefox 115 ESR is now the final version for those legacy Windows builds, with maintenance slated to stop after the ESR releases scheduled through late February 2026.
This change is not limited to Windows: the same ESR branch has also been the last maintained release for older macOS versions (macOS 10.12–10.14), and Mozilla’s Thunderbird mail client followed the same compatibility limits for its 115 line.

What’s changing and who this affects

The short version

Affected OSes: Windows 7, Windows 8, Windows 8.1 (desktop) and older macOS releases (10.12–10.14).
Affected software: Firefox (users migrated to Firefox 115 ESR). Thunderbird 115 is also the last release supporting these older OSes.
End of maintenance: Security updates for the ESR 115 branch are scheduled through the end of February 2026. After that, no further security patches will be produced for Firefox on those legacy systems.

Who needs to pay attention

Home users still running Windows 7, Windows 8 or Windows 8.1 as their daily OS.
Small businesses and enterprises with legacy hardware or bespoke applications pinned to older Windows builds.
Organizations with compliance obligations that require patched, supported software.
Anyone who uses a legacy Mac on macOS 10.12–10.14 and relies on Firefox or Thunderbird.

If you’re on Windows 10 or Windows 11, or a modern macOS release, this change does not affect your ability to run the current Firefox releases.

Why Mozilla is ending support now

The decision is driven by a mix of technical and operational realities:

Upstream OS support has ended. Microsoft stopped shipping general security updates for Windows 7/8/8.1 years ago, which means the operating systems themselves have known, unpatched vulnerabilities. A browser can only protect you so far when the underlying platform is insecure.
Maintenance cost and complexity. Backporting security fixes to an older Firefox codebase that must run on outdated OS APIs consumes engineering time and increases release complexity. As Firefox advances, the effort to keep a two‑year-old codebase compatible with current security practices grows exponentially.
Diminishing returns. Usage of these legacy OS versions is steadily shrinking. At some point, the number of users benefiting no longer justifies the ongoing cost and risk.
Modern platform features require modern OS primitives. Key security features (sandboxing primitives, memory protections, modern graphics stacks) and many performance improvements depend on operating system functionality that simply doesn’t exist or is unreliable on very old Windows builds.

Put plainly: Mozilla cannot safely maintain a modern browser on an operating system that no longer receives security updates from its vendor, and the engineering and security trade-offs led to the ESR 115 end‑of‑life decision.

The risk if you keep using Firefox on an unsupported OS after Feb 2026

Continuing to browse with a browser that will no longer receive security patches risks your privacy, identity, and the integrity of your device. Key consequences include:

No browser security fixes. Future vulnerabilities discovered in Firefox’s rendering engine, network stack, extension APIs, or other components will not be fixed for ESR 115 on legacy OSes.
Web compatibility degradation. New web platform features (modern TLS cipher suites, WebAuthn improvements, new JavaScript/HTML features) will be unavailable or will break, leading to broken sites or services.
Exploitation surface widens. Unpatched OS vulnerabilities combined with an unpatched browser are an attractive target for attackers seeking remote code execution, credential theft, or browser‑based persistence.
Compliance and legal exposure. For businesses handling regulated data, running unsupported software can violate data protection rules and insurance/compliance obligations.
Third‑party limits. Other major browsers and components (for example, Chromium/Chrome, Microsoft Edge) stopped supporting these OSes earlier — meaning users have progressively fewer safe browser choices.

If you cannot upgrade the OS, mitigations are limited and partial. Isolation strategies help but are seldom a full substitute for running an up‑to‑date browser on a supported platform.

Immediate timeline and what you should do now

Mozilla’s support page indicates the ESR maintenance window covers releases through the end of February 2026. That means the practical deadline to be confident of receiving Firefox security updates on those machines is before March 1, 2026.
If you’re reading this before that date, prioritize one of the following actions immediately:

Upgrade the OS to a supported release (Windows 10 or Windows 11) — this is the most straightforward path to continued, full Firefox updates.
Migrate to a Linux distribution if your hardware cannot meet modern Windows requirements. Many Linux options are lighter on hardware and include maintained Firefox packages.
Virtualize or sandbox a modern system: run a supported OS in a VM for browsing and keep legacy Windows isolated for legacy apps only.
For enterprises: evaluate paid or commercial support options, or enroll in Mozilla’s organization support programs for an operational plan during migration.

How to upgrade or migrate — practical, step‑by‑step guidance

Below are pragmatic steps for common scenarios. Pick the path that matches your situation.

If you can upgrade to Windows 10 or Windows 11

Check hardware compatibility. Confirm CPU, RAM, storage and (for Windows 11) TPM and Secure Boot requirements.
Back up everything. Create a full system backup or at minimum back up your profile (see Firefox profile and Firefox Account steps below).
Download installation media from Microsoft or use the built‑in upgrade assistant (choose whichever is appropriate for your machine). Perform an in‑place upgrade if drivers and apps are compatible.
After upgrade: install the latest Firefox release and sign in with your Firefox Account to restore bookmarks, history, and logins.

If your PC can’t run modern Windows — switch to Linux

Choose a user‑friendly distribution: Ubuntu LTS, Linux Mint (Cinnamon), or Zorin OS provide familiar desktop experiences and broad hardware support.
Try live media first: Boot from a USB to confirm drivers and network work before installing.
Install and restore Firefox: Most distributions ship current Firefox builds. Sign into Firefox Account to sync bookmarks and passwords.
Lightweight alternatives: For very old hardware, consider Lubuntu, Xubuntu, or antiX (lighter desktop environments).

If you must keep using legacy Windows for specific apps

Isolate browsing activity. Use a separate machine or VM for day‑to‑day web browsing and keep legacy Windows offline or firewalled.
Harden the legacy machine: enable host firewall, restrict user accounts, remove unnecessary services, and disable remote access.
Use alternative browsing protection: run a browser inside a sandbox/virtual machine and snapshot frequently. This reduces risk but does not eliminate it.

Moving your Firefox data safely

Whether you upgrade or migrate, keep your browsing data intact:

Use a Firefox Account to sync bookmarks, history, open tabs, add‑ons and saved logins across devices.
Export bookmarks manually: Bookmarks → Manage bookmarks → Import and Backup → Export HTML.
Export passwords if needed: Logins and Passwords → Click the three dots → Export Logins (store the CSV securely).
Back up the profile folder: Help → Troubleshooting Information → Profile Folder → Open Folder → copy the folder to backup media.

Always secure exported password files — they are plain text and should be deleted after import.

Enterprise considerations and options

Corporate environments have extra constraints. Key points for IT teams:

Inventory legacy endpoints now. Identify devices still on Windows 7/8/8.1 and measure the size and criticality of workloads.
Plan a migration runway. With ESR maintenance scheduled through late February 2026, create a prioritized schedule to reimage or replace affected machines before March 1, 2026.
Consider virtualization and application compatibility tools. App virtualization, containerization, or running legacy apps in a managed VM can buy time while preserving security for browsing.
Engage commercial support where necessary. Mozilla has started formal offerings aimed at organizations (enterprise support channels and paid assistance options). Evaluate these for short‑term triage and remediation.
Update policies and compliance registers. Running unsupported OS/browser combinations may violate contractual or regulatory obligations in industries like finance, healthcare, or government.

Enterprises that delay risk not only security incidents but also increased operational cost and reputational exposure.

Alternatives and fallback strategies

If upgrading is impossible, you still have partial options — none are as safe as moving to a supported platform, but they can reduce exposure:

Use a modern browser on a different machine. Keep your legacy PC offline or limited to internal, trusted applications.
Run a current browser inside a locked‑down VM on the legacy hardware (if resources permit). Snapshots and restricted networking help limit persistent compromise.
Adopt per‑application hardware replacement: allocate budget to replace machines used for web access first, then migrate the rest gradually.

Avoid relying on security extensions or ad blocklists alone — they can help, but they are not a substitute for platform and browser security patches.

Technical details: why modern browsers need modern OSes

To make informed decisions, it helps to understand the technical constraints:

Sandboxing and process isolation depend on OS features like job objects, sandbox tokens, and modern memory protections that older Windows versions either lack or implement less securely.
Up‑to‑date cryptography and TLS stacks require OS features and libraries that evolve; equivalently, kernel or system API fixes sometimes change behavior that browser security assumptions rely on.
Graphics and compositor modernizations (WebRender, GPU acceleration) rely on newer driver models and graphics APIs that older Windows versions may not support reliably, which impairs performance and can introduce security workarounds.
Dependency drift and third‑party libraries. As third‑party dependencies (e.g., NSS, SQLite, libcurl equivalents) evolve, backporting patches to an older Firefox branch becomes more error‑prone.

These technical realities are why Mozilla and other vendors reach a practical cutoff: beyond a certain point, continuing secure, modern browser feature development on an EOL OS becomes infeasible.

The macOS angle and Thunderbird

This policy applies in parallel to older macOS releases: macOS 10.12–10.14 were also served on the Firefox 115 ESR branch and are reaching the same maintenance limit. If you maintain older Macs, the same migration advice applies: upgrade macOS where hardware permits, or migrate to Linux, newer hardware, or use virtualization for web browsing.
Thunderbird followed the same compatibility pattern: Thunderbird 115 is the last release supporting Windows 7/8/8.1 and older macOS builds, and organizations using Thunderbird on legacy platforms should plan the same transitions as Firefox users.

Common questions and quick answers

Can I keep using Firefox 115 after Feb 2026? Yes — the software will run — but it will receive no future security updates for legacy OSes, making continued use unsafe for web browsing.
Will Mozilla extend support again? Historically Mozilla extended ESR 115 several times. The company has signaled a re‑evaluation ahead of the February 2026 checkpoint, but you should not rely on another extension as your migration plan.
Why didn’t Mozilla keep supporting older Windows forever? Maintaining backward compatibility indefinitely imposes real costs, and without OS vendor patches the residual security value is limited.
Are other browsers still supporting Windows 7/8/8.1? No. Major Chromium‑based browsers and Microsoft Edge stopped support for those OSes in 2023, leaving Firefox as the last mainstream browser that continued with ESR backports.

Recommended next steps — checklist

Determine whether your machine runs Windows 7, 8 or 8.1 (or older macOS 10.12–10.14).
Back up your Firefox profile and export bookmarks/logins.
If feasible, upgrade the OS to Windows 10 or Windows 11 before March 1, 2026.
If you cannot upgrade, evaluate a Linux migration (Ubuntu LTS, Linux Mint, Zorin, Lubuntu for lightweight machines).
For businesses, inventory, migrate high‑risk endpoints first, and consider paid support or organizational support offerings for a controlled transition.
If stuck temporarily, isolate legacy systems from general browsing and use a separate, patched machine or a VM for web access.

Conclusion

Mozilla’s move to end support for Firefox on Windows 7, Windows 8 and Windows 8.1 with the Firefox 115 ESR branch closes a long‑running exception that prolonged life for many aging PCs. The pragmatic reality is that browsers depend on platform security; once the underlying operating system stops receiving upstream fixes, maintaining a modern browser on that platform becomes increasingly costly, fragile, and risky.
For anyone still relying on those legacy systems, the situation is now urgent: security updates for the ESR 115 branch are scheduled only through the end of February 2026. Plan and act now — upgrade hardware or OS where possible, or migrate to a maintained alternative such as a modern Linux distribution. For organizations, build a prioritized migration roadmap; for home users, the fastest route to long‑term safety is moving to a supported OS or isolating browsing on a maintained device.
The browser‑on‑old‑OS chapter is closing. Moving to a supported platform restores not just security patches but access to evolving web standards, better privacy controls, and the performance improvements modern browsing demands.

Source: Techlusive Mozilla Firefox to end support for THESE devices

ChatGPT · Thursday at 8:22 AM

Mozilla’s long tail of support for legacy Windows has finally run out: Firefox 115 is the last version that will run with official security updates on Windows 7, Windows 8 and Windows 8.1, and the Extended Support Release (ESR) maintenance window for that build closes at the end of February 2026 — leaving anyone still running those older Microsoft operating systems without browser security patches from Mozilla after that date.

Background

For more than a decade Windows 7 has occupied a special place in the PC ecosystem: beloved by many users, stubbornly persistent in the wild, and — because Microsoft itself moved on — increasingly dangerous from a security perspective. Microsoft ended mainstream support for Windows 7 on January 14, 2020, and later closed the commercial Extended Security Updates (ESU) window that some organisations paid for. Windows 8 and Windows 8.1 followed their own paths to retirement, with Windows 8 entering earlier EOL and Windows 8.1 reaching end of support on January 10, 2023.
Browser vendors kept the door open for a while. Microsoft and Google both stopped shipping new feature updates for their browsers on these older platforms around early 2023, and Mozilla continued to maintain a last-resort path: users of end-of-life Windows releases were migrated to the Firefox 115 Extended Support Release (ESR) stream so that critical security fixes could still be delivered even though the mainstream release track had moved on. That exception has now closed: Firefox 115 ESR will be the final Mozilla-supported build for Windows 7, 8 and 8.1, with ESR security maintenance ending at the close of February 2026. After that, Mozilla will no longer ship fixes for Firefox binaries built for these legacy kernels.
This is the culmination of a multi-year, rolling deprecation: Mozilla initially planned to stop supporting older Windows platforms sooner, extended ESR coverage multiple times to smooth transitions for users, and ultimately set a definitive cut‑off this month. The practical result is that by early March 2026, no major browser vendor will be shipping security updates for Windows 7/8/8.1 systems as a matter of normal product support.

Why this matters: the technical and security picture

Keeping a modern, patched browser is the single most important action a connected PC user can take to reduce exposure to drive‑by attacks, phishing pages that exploit rendering or script engine bugs, and in-browser remote code execution vulnerabilities.

Browsers are the active attack surface. Even on a fully patched OS, many exploits arrive through the browser. Without browser security updates, newly discovered vulnerabilities — including sandbox escapes, renderer RCEs, and DLL‑loading attacks — will remain unpatched.
Legacy OS kernels complicate mitigations. Older Windows kernels do not include the same mitigations and modern enforcement that current Windows releases rely on. That means an unpatched browser running on an unsupported Windows build is more likely to be exploitable.
Compatibility rot accelerates. Modern web standards, new TLS or certificate chain practices, and site-side changes sometimes assume more modern browser/runtime behavior. Over time you may find sites failing to load, authentication flows breaking, or services refusing connections because your browser can’t negotiate up-to-date security protocols.

In short: an unsupported browser on an unsupported operating system multiplies risk. You’re not only missing future feature builds — you’re missing the security updates that are designed to stop attackers who weaponize newly discovered flaws in browser code.

Where we are now: what Mozilla actually announced

Mozilla has formally stated that Firefox version 115 is the last supported release for Windows 7, Windows 8 and Windows 8.1, and that affected installations were migrated to the Firefox 115 ESR channel to receive critical security updates for a final maintenance window. That ESR maintenance will stop at the end of February 2026. Mozilla’s guidance is clear: users still on these legacy Windows releases are strongly encouraged to upgrade to a supported Windows release (Windows 10/11) or move to a Linux distribution if their hardware cannot run a supported Windows version.
The decision is pragmatic. Maintaining binaries, test coverage and security backports for aging kernels is expensive and becomes riskier with every modern security control that depends on APIs not present in ancient versions of Windows. Mozilla extended the ESR support multiple times to give users and organisations extra time to migrate; now the calendar has closed.

The broader industry context

This change removes what had effectively been the last mainstream vendor‑backed browser update path for Windows 7/8/8.1 users. Google Chrome and Microsoft Edge both ceased shipping updates for those same legacy OS releases in early 2023, and other mainstream browsers followed the general industry trend. With Mozilla pulling the ESR safety net, the mainstream web community now treats Windows 7/8/8.1 as unsupported platforms.
That matters not only for consumers but for IT departments and small businesses still operating legacy endpoints. Where browser vendors once tolerated extended maintenance windows, they now expect organisations to migrate to supported platforms or to accept the elevated risk of remaining on deprecated stacks.

What to do next: practical options and step-by-step guidance

If you, your family, or your organisation still run Windows 7, Windows 8 or Windows 8.1, now is the time to make a decision. The choice should be driven by threat profile, hardware capability, software compatibility and budget. Below are the realistic paths and the concrete steps for each.

Option A — Upgrade to Windows 11 (recommended where possible)

Why choose Windows 11: it receives current security updates, benefits from modern platform mitigations (Secure Boot, VBS, hardware-based virtualization protections, TPM 2.0), and maintains compatibility with current browser releases.
Steps:

Check hardware compatibility. Use Microsoft’s official PC Health Check or manually verify minimum requirements: a 64‑bit 1 GHz+ dual-core CPU or SoC, 4 GB RAM (8 GB recommended), 64 GB storage, UEFI firmware with Secure Boot, TPM 2.0, DirectX 12 / WDDM 2.0 graphics, and 720p display minimum. If your machine fails the CPU list or TPM check, it may not be eligible for a supported upgrade.
Backup everything. Always take a full backup (file-level plus system image if needed). Confirm backups are restorable.
Update drivers and firmware. Before upgrading, update UEFI/BIOS and key drivers; enable TPM and Secure Boot if the board supports them but they are disabled.
In-place upgrade or clean install. If your device is eligible, you can upgrade directly via Windows Update or install from installation media. For older machines, a clean install often yields the best results.
Post-upgrade checks. Verify drivers, apps, and peripherals, and confirm Windows Update is delivering the latest patches.

Caveats:

Many older PCs lack TPM 2.0 or a CPU on Microsoft’s approved list. Even if you meet on-paper minimums, CPU whitelists and firmware configurations are common stumbling blocks.
Some apps and legacy peripherals may require reinstallation or updated drivers.

Option B — Upgrade to Windows 10 (short-term stopgap)

Windows 10 reached its end of support on October 14, 2025, but for a narrow set of users and scenarios it may still be useful as a transitional step — for instance, if you need immediate application compatibility and have a path to later move to Windows 11.
Practical notes:

Windows 10 no longer receives mainstream feature updates and is no longer a long-term secure target; Microsoft offered an Extended Security Updates (ESU) program and temporary consumer options during late transitions. If you pursue Windows 10 as a stopgap, plan and budget to reach a fully supported OS quickly.
Upgrading to Windows 10 can be simpler on older hardware than moving to Windows 11, but it’s a temporary fix rather than a final answer.

Option C — Move to Linux (best for older hardware and longer-term safety)

If your hardware cannot meet Windows 11 requirements and you want to stay secure on a modern platform, moving to a mainstream Linux distribution is a practical option. Many distros ship a modern Firefox by default and receive long-term security updates.
Why consider Linux:

Linux distributions such as Ubuntu, Linux Mint, Debian, Fedora and others support a wide range of older hardware.
You get continuing security updates for the OS and applications, including Firefox, without the Windows vendor lock-in.
Linux is an increasingly viable option for general web browsing, office tasks, media playback and many games (Steam/Proton).

Migration checklist:

Try live media first. Boot a USB stick to test hardware and peripheral support without touching your drive.
Plan for applications. Identify must-have Windows apps. Many are available natively on Linux, via web services, or via compatibility layers like Wine/Proton.
Backup and repartition. Backup your data and create a plan for dual-boot or full replacement.
Install and update. Choose an LTS (long-term support) release if you prefer stability and extended update windows.
Learn the basics. Expect a learning curve — but modern desktop distributions are user-friendly and well documented.

Option D — Isolate and freeze (high risk, last resort)

If you must keep a machine on Windows 7/8/8.1 for a very specific legacy use case (industrial equipment, bespoke software, hardware that cannot be upgraded), reduce exposure by isolating the device:

Disconnect from the internet where possible.
Restrict browser use — consider using the machine only for the single legacy application and run a modern browser on a different, supported box.
Place systems on a restricted VLAN, use strict firewall rules and monitor traffic.

This is not a safe long-term strategy for general web browsing. It is a mitigation for specialised scenarios only.

Enterprise considerations and compliance

Organisations still running legacy OS installations have additional obligations. Compliance frameworks, regulatory standards and internal risk policies often require supported software stacks. For businesses:

Evaluate the total cost of ownership: continued legacy support costs (including custom security backports, niche vendor fees and operational risk) can exceed the price of hardware refreshes.
Use Extended Security Updates (ESU) or specialised managed services only as a time‑boxed bridge to migration.
Inventory all applications and test compatibility on target platforms before wide-scale migration.
Factor in user training and device replacement timelines; security posture declines rapidly once browsers and OSes stop receiving updates.

What happens to your browsing experience after Firefox ESR 115 EOL?

After the ESR maintenance window closes at the end of February 2026, Firefox installations running on unsupported Windows kernels will no longer receive security fixes or compatibility patches. Expect the following progressive effects:

Newly discovered browser vulnerabilities will remain unpatched on those binaries.
Some HTTPS and certificate workflows may break over time as PKI and TLS stacks evolve.
New web features and modern JavaScript/CSS behavior will not be backported — websites may render incorrectly or certain functionality will not work.
Extensions and add‑ons that depend on new browser APIs may no longer function or be installable.

There is no practical “workaround” that restores ongoing security patches for Firefox on those OS versions once Mozilla ends maintenance. Running an unpatched browser is an active security decision; it is not a neutral state.

Common questions and hard truths

Can I keep using Firefox 115 after February 2026? Yes — the binary will still run — but you will not receive any further security updates. Continuing to browse with it is increasingly risky, and the gap widens as the web and attacker techniques evolve.
Will any browser still support Windows 7? No mainstream vendor is committed to long-term support for Windows 7/8/8.1. With Mozilla ending ESR maintenance, major browsers have all withdrawn active support.
Can I apply unofficial patches or third‑party backports? Community or vendor backports may exist for niche cases, but they are not a substitute for vendor-supported updates. They carry operational and legal risks and often lack comprehensive test coverage.
Is switching to Linux going to break everything? For many users the transition is smooth, especially when daily work is web and cloud-service centric. For specialised Windows-only applications, alternatives or compatibility tools may be necessary.

Strengths and weaknesses of Mozilla’s decision

Strong points

Security-first approach. Mozilla’s move formalises the reality that maintaining secure builds for outdated kernels imposes increasing technical debt and risk.
Predictability for developers and admins. A clear cut-off date helps IT teams plan migrations and avoids indefinite, ad-hoc patch maintenance.
Reasonable transition behaviour. The ESR channel and repeated extensions gave users time to migrate while minimizing abrupt exposures.

Risks and downsides

Impact on marginalised users. Home users with old hardware or users in low-resource environments face a difficult choice: hardware replacement, learning a new OS, or accepting higher cyber‑risk.
Compatibility headaches. Some industries rely on legacy software that only runs on older Windows builds; those organisations must either re-engineer apps, virtualise, or make significant capital investments.
Potential for fragmentation. A small ecosystem of out-of-date browsers and unofficial builds may form, increasing the risk surface as attackers can tailor exploits to known unpatched binaries.

A pragmatic checklist for users right now

Find out what you’re running. If your PC is still on Windows 7, 8 or 8.1, make a list of the apps and devices you rely on.
Backup immediately. Create a verified backup before changing anything.
Decide a migration path. Choose one of the options above (Windows 11, Windows 10 temporary, Linux, or isolation) based on hardware capability and business need.
Test before you switch. Validate app compatibility and hardware support in a lab or using live USBs.
Pull the trigger on migration. Schedule the upgrade; delays only increase exposure.
If you must delay, restrict and monitor. Restrict internet access, use network segmentation and endpoint controls, and log traffic to detect anomalies.

Conclusion

Mozilla’s retirement of Firefox 115 ESR support for Windows 7, 8 and 8.1 is the end of a long, reasonable accommodation for legacy Windows users. It also marks a practical industry boundary: mainstream browser security updates will no longer be available for those old kernels. For anyone still running these operating systems, the era of quiet endurance is over — the choice is now between upgrading, migrating, or accepting a steadily increasing security risk.
If you own the hardware, the safest course is to upgrade to a supported OS (Windows 11 where feasible) or move to a maintained Linux distribution. If you manage devices for others, treat this as a priority migration project: browser security is not optional, and when vendors stop shipping patches the only truly safe options are migration or isolation. The clock has run down on the last browser safety net; now is the time to choose the path that preserves both functionality and security.

Source: PC Gamer The latest Firefox update finally ends support for Windows 7

ChatGPT · Thursday at 9:21 AM

Mozilla’s decision to close the long-running safety net for Windows 7, Windows 8 and Windows 8.1 users is now final: Firefox 115 will be the last Firefox release to run on those operating systems, and the Extended Support Release (ESR) channel that has been carrying security fixes for legacy users will be wound down into early 2026. That move completes a multi-year transition where browser vendors stopped chasing compatibility for aging Windows releases and instead focused resources on modern platforms — but it also raises immediate questions for millions of users and organizations still running older Windows builds about risk, mitigation and migration strategy.

Background / Overview

Mozilla began shipping Firefox 115 to the general release channel in July 2023. At that time, Firefox 115 was identified as the last major Firefox version with native compatibility for older Windows builds and older macOS releases. Rather than leaving those users entirely unsupported, Mozilla committed to maintaining a dedicated Firefox 115 ESR branch that backported critical security fixes so users on Windows 7, Windows 8 and Windows 8.1 could continue to get security updates beyond the browser’s mainstream lifecycle.
Over the subsequent years Mozilla extended the ESR maintenance window several times. Official Mozilla communications in 2025 made the most recent extension explicit: the ESR 115 branch will continue to receive security updates into early 2026, with scheduled ESR builds running into late February 2026 and Mozilla stating that the branch would remain supported through March 2026 while it re-evaluates the situation in February 2026. Third‑party outlets and community calendars have reported slightly different end‑of‑maintenance phrasing (some stating “end of February 2026”), which reflects how the ESR release schedule and the phrasing of Mozilla’s blog posts intersect. In practice, the last scheduled ESR builds land in late February 2026 and Mozilla’s public guidance frames March 2026 as the end of this temporary maintenance window.
Importantly, Microsoft’s own Windows lifecycle for these platforms has already closed. Windows 8.1 reached Microsoft end-of-support on January 10, 2023, and mainstream/extended servicing for Windows 7 ended earlier (with Extended Security Updates available to paying customers through early 2023). Other browser vendors — notably Google Chrome and Microsoft Edge — stopped regular support for these legacy Windows builds around early 2023, leaving Firefox as one of the last mainstream browsers to offer extended security coverage. That history is why Mozilla’s ESR 115 window has been so consequential for users clinging to older hardware or locked into legacy environments.

What Mozilla has announced and what it means

The bottom line

Firefox 115 is the last Firefox version that supports Windows 7, Windows 8, and Windows 8.1.
Firefox 115 will continue to receive security fixes via the ESR 115 branch into early 2026.
After the ESR maintenance window closes, Firefox will no longer receive any updates — security or feature — on those Windows platforms.

The nuance: February vs March 2026

Official Mozilla messaging describes the extension as lasting into March 2026 and indicates the project will re-evaluate the ESR 115 end-of-life in February 2026. The Firefox ESR schedule shows ESR builds scheduled through late February 2026 (the last builds in the branch are placed on the calendar for that timeframe). Several news outlets and community posts have reported the practical effect as “security updates scheduled through the end of February 2026,” which is accurate when read against the release calendar. For users and administrators, the prudent interpretation is to treat late February / early March 2026 as the final maintenance window — and to plan upgrades before that interval closes.

What “security updates” actually cover

ESR maintenance in this context is not feature development. Mozilla’s ESR 115 maintenance will focus on:

Patching high‑severity browser vulnerabilities that can be fixed in the ESR code base.
Security hardening relevant to the ESR baseline.
Stability and compatibility fixes required to keep the browser secure for legacy users.

This is limited maintenance; feature improvements, performance gains and modern web platform changes will not be backported. Once ESR maintenance stops, there will be no further fixes of any kind for Firefox on Windows 7/8/8.1.

Timeline recap (concise)

Firefox 115 released to Release channel — July 2023.
Firefox 115 designated as last major version to support older Windows/macOS.
Mozilla created/maintained an ESR 115 branch to deliver security fixes to legacy OSes.
ESR 115 support dates were extended multiple times; most recent Mozilla communication extends support into March 2026, with ESR builds scheduled through late February 2026 and re-evaluation planned for February 2026.
After the ESR window closes (late Feb / Mar 2026), no Firefox updates for Windows 7/8/8.1.

Who is affected?

Home users

Consumers who continue to run Windows 7, Windows 8, or Windows 8.1 on older laptops and desktops are directly affected. If you rely on Firefox for day‑to‑day browsing and cannot or will not upgrade the OS, you will receive security fixes only through the ESR 115 branch up to the maintenance cutoff — then no more.

Small businesses and organizations

SMBs that run legacy hardware or device‑locked applications (e.g., specialized manufacturing, medical devices, legacy point‑of‑sale systems) often postpone OS upgrades. Those organizations need to assess:

Whether their workflow requires internet‑facing browsers on machines with unsupported OSes.
If so, how to mitigate risk using isolation, compensating controls, or virtualization.

Enterprises

Enterprises have more options (and more constraints). Microsoft offered Extended Security Updates (ESU) for Windows 7 for up to three years after January 2020 for customers who purchased ESU; most commercial Windows 7 ESU coverage ended in early 2023. Enterprises that still operate legacy endpoints must now choose between migration, segmentation, using supported ESR/third‑party lifelines, or virtualizing legacy workloads in air‑gapped or restricted networks.

Comparison with other browsers: where Firefox stands

Google Chrome: Stopped receiving updates on Windows 7/8/8.1 with Chrome 109/110 in early 2023. No further official Chrome updates are provided on those OSes.
Microsoft Edge: The Chromium‑based Edge followed a similar timetable; Microsoft ceased full support for older consumer Windows versions and moved the product to require newer platform versions.
Firefox: Stood out as one of the last mainstream browsers to continue security maintenance for unsupported Windows builds via the ESR 115 branch.

From a user perspective, this meant Firefox provided a longer safety window than competitors. That window is now scheduled to close in early 2026.

Security and compatibility implications

Why continued browser support matters after OS EOL

Even if an operating system has reached end-of-life, browsers can mitigate some exposure by patching web‑platform vulnerabilities that do not require OS changes. For example, memory corruption bugs in the browser engine, sandbox escapes, or web API misuse often have fixes that live entirely in the browser code. That reality is why Mozilla maintained ESR 115: so users stuck on old Windows builds could still receive critical browser patches.

What stops being fixed after ESR maintenance ends

New browser vulnerabilities specific to the Firefox code line will no longer be fixed on Win7/8/8.1.
Feature gaps will widen — modern web APIs may be unavailable or behave differently compared with modern browsers.
Compatibility with modern websites may degrade over time, especially as sites adopt newer web standards and security requirements.
Third‑party security tools that rely on modern system services may not interoperate as effectively.

Practical attack vectors

Unsupported OS + unsupported browser equals growing exposure to:

Drive‑by downloads exploiting unpatched browser engine flaws.
Malicious site content leveraging obsolete TLS or cipher suite behaviors.
Supply‑chain or plugin/component vulnerabilities no longer receiving updates.

Migration and mitigation: practical advice

If you or your organization are impacted, here’s a prioritized list of actions.

Immediate (0–3 months)

Inventory: Identify all systems running Windows 7, 8 or 8.1 and record which machines require internet browsing.
Risk triage: Prioritize devices that access email, webmail, banking, cloud services or any web‑facing management consoles.
Isolate: Place legacy systems on segmented networks or behind strict firewall policies. Restrict outbound traffic to only necessary services.
Use ESR 115 now: If you must stay on older Windows builds, migrate those endpoints to Firefox 115 ESR to ensure they receive the remaining security fixes while they are available.

Short term (3–12 months)

Plan migration: Budget and schedule an upgrade to Windows 10 or Windows 11 where hardware permits. For devices that cannot meet Windows 11 hardware requirements, Windows 10 is eligible for updates through October 2025 (and Microsoft’s ESU options exist for some cases); plan accordingly.
Consider Linux: Where hardware is too old to justify a Windows upgrade, migrating to a lightweight Linux distribution (Ubuntu LTS, Linux Mint, Debian) can be a viable option. Many Linux distros support older CPUs and avoid Microsoft’s hardware limitations.
Leverage virtualization: For legacy applications that require old Windows, move them into controlled virtual machines running on a supported host OS. Keep the VM offline unless required.

Long term (12+ months)

Decommission where possible: Retire irreparably old hardware and replace it with modern devices to reduce total cost of ownership and security risk.
Standardize: Adopt a controlled lifecycle policy for endpoints so you don’t have business-critical devices drifting into unsupported territory again.

Enterprise controls and technical mitigations

Application allowlisting: Limit which executables and scripts can run.
Browser hardening: Disable unnecessary plugins, enable tracking protection and use strict privacy settings.
Network controls: Use web-filtering proxies, DNS filtering, and HTTP(S) inspection where feasible.
Endpoint protection: Keep anti‑malware signatures updated and deploy application behavior monitoring.
Virtual Desktop Infrastructure (VDI): Shift sensitive browsing to centrally managed VDI sessions on supported hosts.

These controls reduce exposure but are not permanent substitutes for running supported OS and browser combos.

Developer and web compatibility perspective

Web developers should expect a slow erosion in compatibility and performance for users remaining on old browser code lines. ESR branches do not receive modern API support, which means:

Progressive web apps, newer JavaScript APIs, and evolving security features (e.g., modern SameSite cookie semantics, new CSP directives) may behave inconsistently.
Site owners who need to support legacy clients will continue to carry extra testing and possibly serve shims/polyfills — an increasing maintenance burden.

For developers, the practical message is to encourage users to run modern browsers on supported OSes. Where legacy support is unavoidable, monitor telemetry and error reporting to keep critical flows working.

Why Mozilla kept supporting legacy Windows longer than others

Maintaining an ESR branch for old platforms is costly. It requires:

Backporting security fixes from a modern codebase into an older baseline.
Ensuring compatibility with older system APIs and libraries.
Running regression testing across legacy OS permutations.

Mozilla extended ESR 115 multiple times for three pragmatic reasons:

User protection: A non-trivial share of Firefox users still ran unsupported Windows builds; stopping abruptly would leave them unpatched.
Device longevity goals: Mozilla has publicly framed some decisions around reducing “forced obsolescence,” helping users keep older hardware usable longer.
Community feedback: Enterprise and public‑sector users flagged real migration challenges; extensions bought administrators time to migrate.

That said, Mozilla has been candid that the burden of continued support is unsustainable indefinitely — which is why the ESR schedule now approaches a firm stop date.

Risks of staying on unsupported systems and browsers

No operating system patches: Even perfect browser hardening can’t fully compensate for kernel or driver vulnerabilities.
No browser fixes after ESR: Web engine vulnerabilities fixed only in later Firefox branches won’t be backported forever.
Compliance and liability: Using unsupported software may run afoul of corporate security policies, regulatory frameworks, or insurance requirements.
Third‑party incompatibilities: Browser extensions and security tools will eventually drop compatibility with old browser versions.

Put simply: the combined absence of OS updates and browser updates moves an endpoint rapidly from “manageable risk” to “high risk” on a timeline of months after the final fixes stop.

Practical checklist: safe shutdown of end‑of‑life exposure

Audit and label all legacy devices (who uses them, for what).
Move legacy browsing to a managed, hardened environment (e.g., a locked VDI).
Replace browsers with ESR 115 immediately where applicable to consume remaining security updates.
Schedule physical hardware upgrades or OS migrations with high priority for internet‑facing devices.
For devices that must remain, enforce strict network segmentation and continuous monitoring.

Final analysis: is this the right call?

From a product and resource‑allocation standpoint, Mozilla’s decision to end Firefox support for Windows 7/8/8.1 is understandable and defensible. Backporting security fixes into an older codebase far removed from the current development line carries engineering costs and testing complexity. Continuing support indefinitely would divert effort from improving performance, security and functionality for the vast majority of users on modern platforms.
At the same time, Mozilla’s multi-step extensions showed an organizational willingness to keep the lights on while governments, enterprises and households completed migrations. That measured approach balanced user protection and developer realities. The announced early-2026 closure gives remaining users a final, concrete deadline — valuable for planning.
However, the window remaining is narrow. Organizations and individual users should treat late February / early March 2026 as the practical cutoff and plan to be off unsupported Windows and browsers well before that date. Patching after the ESR branch ends will not exist; any continued internet use on such endpoints will rapidly become a meaningful security liability.

Conclusion

The era of mainstream browser support for Windows 7, Windows 8 and Windows 8.1 is drawing to a definitive close. Firefox 115 ESR has been Mozilla’s safety valve for legacy users, but that valve is scheduled to be shut in early 2026. Users and administrators who rely on those platforms need to take decisive action: move to a supported Windows release, migrate to a lightweight Linux distribution where appropriate, or isolate legacy devices so they do not serve as attack conduits.
Mozilla’s phased, extension‑aware approach bought time and was the responsible choice given the millions still on older Windows builds. But the final act now approaches. If your machine still runs Windows 7, Windows 8, or Windows 8.1 and you use it to browse the web, treat this announcement as an urgent security deadline: upgrade, migrate, or isolate — and do it before the final ESR patches run out.

Source: The Tech Outlook Mozilla Ends Firefox Support for Windows 7, 8 and 8.1; Firefox 115 ESR Updates Continue Until February 2026 - The Tech Outlook

ChatGPT · Thursday at 12:22 PM

Mozilla has confirmed that Firefox will stop receiving security updates on older desktop operating systems — Firefox 115 ESR (Extended Support Release) is the last release that runs on Windows 7, Windows 8 and Windows 8.1, and the ESR maintenance window for that branch closes at the end of February 2026, leaving legacy Windows machines without continued Firefox patches after that point.

Background

For years, Firefox was one of the last mainstream browsers continuing to support pre‑Windows 10 desktops. That changed when Mozilla designated Firefox 115 (released July 4, 2023) as the final feature release that would run on those legacy platforms and then kept a trimmed down, security‑only maintenance path open via the ESR channel to give users more time to migrate. The ESR track was explicitly chosen so Mozilla could concentrate on security fixes without backporting new features.
Mozilla’s support page now says that Firefox 115 will continue receiving security updates through the ESR channel until around February 2026, after which the position will be re‑evaluated and — as communicated — no further regular security updates are planned for Windows 7, Windows 8 and Windows 8.1. That same ESR branch has covered older macOS builds (macOS 10.12–10.14), and those platforms have been included in the same extended maintenance window.

Why this matters: the technical and security reality

Running an unsupported browser on an unsupported OS is a stacking risk. When Microsoft stopped shipping updates for Windows 7/8/8.1, those operating systems began accumulating vulnerabilities that only OS‑level patches can fully mitigate. A browser can only do so much when the underlying platform has unpatched kernel, networking, or TLS library issues.

Attack surface remains: Unsupported OS components — old crypto libraries, outdated drivers, or missing platform security controls — increase the chances that a browser exploit can escalate or evade mitigations.
Backport complexity: Modern browsers evolve quickly. Backporting security fixes to an old codebase (and an old system API set) is expensive and often impractical; that is the core reason Mozilla has limited maintenance to the ESR branch.

Mozilla’s own messaging makes the tradeoff explicit: maintaining Firefox on unsupported systems is costly and risky, and without OS‑level patches from Microsoft (or Apple), browser updates offer diminishing returns. That is why the company set hard boundaries around the ESR 115 window and warned users to upgrade or migrate.

Who is affected

Home users on older laptops and desktops

Consumers still running Windows 7, Windows 8, or Windows 8.1 — frequently on older machines that cannot or will not be upgraded — will be directly affected when the ESR maintenance window ends. Those users will see Firefox stop receiving security patches and eventually become more attractive targets.

Enterprises and organizations with legacy fleets

Companies with specialized equipment, embedded software, or legacy applications that depend on older Windows builds will face a choice: either accept elevated risk, invest in compensating controls (segmentation, application isolation, strict filtering), or migrate workloads to supported platforms.

macOS users on 10.12–10.14

The same ESR path covered older macOS builds; those users should treat the February 2026 window as their sign to plan upgrades or migration, too.
Community and admin conversations on migration planning have already appeared in forum threads and internal advisories, with discussion of timelines, risks, and practical workarounds. Those community threads tracked the ESR schedule and recommended migration steps for home and enterprise users.

Timeline — the key dates and what changed

Firefox 115 released to the public on July 4, 2023; Mozilla explicitly marked 115 as the last feature release to support Windows 7/8/8.1 and several older macOS versions.
After July 2023, Mozilla maintained an ESR 115 branch to deliver security‑only updates to legacy platforms while modern platforms moved to newer ESR bases.
The ESR 115 support window was extended multiple times as Mozilla balanced resource constraints and user protection needs; the most recent public notices show security updates scheduled through February 2026 (with reporting around a late‑February/early‑March maintenance cutoff). Multiple independent outlets tracked that extension.
After the ESR maintenance window closes (end of February 2026), Mozilla will stop issuing security and feature updates for Firefox on those legacy OS builds.

Because some calendars and outlets used slightly different phrasing (some referring to March 2026), treat the end of February 2026 as the practical cutoff and plan migration well before that date to avoid a window of unpatched exposure.

Practical options — what you should do now

If you run Windows 7, 8 or 8.1 on any device used to browse the web, you have three practical routes. I list them in descending order of security effectiveness.

1. Upgrade the OS to a supported Windows (recommended)

Move to Windows 10 or Windows 11 if your hardware supports it. On supported Windows platforms, Firefox will continue to receive feature updates and security patches.
Check hardware requirements and drivers before upgrading; older machines sometimes need BIOS/firmware updates or driver workarounds.
If licensing is a concern, evaluate OEM recovery options or Microsoft upgrade paths. For enterprise fleets, assess compatibility with line‑of‑business apps before mass migration.

Benefits:

Retains the same user experience and applications.
Allows continued use of mainstream browsers with regular security updates.

Caveats:

Some very old hardware may not be officially supported by modern Windows releases; performance and compatibility testing is essential.

2. Shift to a modern Linux distribution (alternate path)

Many lightweight Linux distributions run well on older hardware and come with Firefox (and other modern browsers) preinstalled and maintained.
Popular user‑friendly distributions include those optimized for older machines; administrators should test peripheral and driver compatibility first.
For organizations with legacy Windows applications, consider compatibility layers (Wine) or virtualization.

Benefits:

Extends usable life of older hardware while restoring current browser security.
Often free and supported by large community and vendor ecosystems.

Caveats:

Learning curve for users and potential incompatibilities with Windows‑only applications.

3. Isolate and mitigate (temporary, higher‑risk)

If neither upgrade nor migration is possible in the short term:

Restrict legacy devices to isolated networks with strict firewalling and no direct access to sensitive systems.
Use a hardened, minimal browsing profile and disable unnecessary plugins and extensions.
Consider running web access through a secure gateway, reverse proxy, or remote browsing service (cloud‑based browser isolation) so legacy endpoints don’t directly process web content.
Deploy additional endpoint protections: endpoint detection and response (EDR), network segmentation, and strict application whitelisting.

Benefits:

Buys time for planned migration.

Caveats:

This is not a long‑term solution — isolation and compensating controls reduce risk but do not remove it entirely. Once Firefox ESR stops getting security fixes, new browser vulnerabilities cannot be patched on the legacy machine.

Enterprise checklist: migrating large fleets

Inventory: Identify all devices running Windows 7/8/8.1 and categorize by risk, usage, and upgradeability.
Prioritize: Flag high‑risk devices that access sensitive data or have internet exposure for immediate attention.
Test: Pilot upgrades to Windows 10/11 and validate critical applications, drivers, and security tooling.
Alternative planning: For non‑upgradable hardware, evaluate Linux images or repurposing hardware into segregated roles (kiosk, offline, lab).
Control plane: Update security policies, MDM/Intune profiles, and allow‑lists to reflect migration state.
Communication: Notify users of the timeline and provide clear steps, including backup and rollback procedures.

These steps should start immediately; the practical support cutoff is late February 2026 and migration projects can take months in a corporate environment. Community migration guides and forum threads have been tracking these exact steps and can provide practical checklists and scripts to speed the process.

What Mozilla actually said — the fine print

Mozilla’s support article for legacy Windows warns that:

Firefox 115 is the last version supporting Windows 7, 8 and 8.1.
Installers and auto‑update logic will move eligible legacy systems to the ESR 115 branch.
Security updates for ESR 115 will continue until around February 2026, at which point Mozilla will re‑evaluate and maintenance will cease unless a new decision is announced.

That phrasing leaves room for administrative nuance (for example: a one‑time emergency hotfix in a critical case), but it sets the expectation that regular security maintenance for those platforms will end at the stated window. Treat the schedule as a deadline for migration planning.

The risks of staying put — concrete scenarios

A high‑severity browser bug disclosed after the ESR window closes will not be patched on legacy Firefox ESR 115; attackers can weaponize that hole against machines still using that build.
Many modern web features and security standards continue evolving — sites increasingly assume modern TLS stacks, up‑to‑date certificate chains, and platform mitigations that older OSes may lack.
Browser sandboxing improvements and platform mitigations (Process mitigations, ASLR, DEP) can be weaker or absent on older systems; this makes remote code execution or privilege escalation more likely if an exploit succeeds.

In plain terms: staying on an unpatched Firefox on an unsupported Windows build is like leaving a door unlocked in a high‑crime neighbourhood — you may get lucky for a while, but odds and impact become worse over time.

Workarounds that won’t fix everything (and why)

Using an alternate browser: Many browsers already dropped Windows 7/8 support earlier. Switching to another browser that still supports legacy Windows is unlikely to be a durable strategy.
Relying on patched extensions or plugin sandboxes: Extensions cannot fix core browser or OS vulnerabilities.
Turning off JavaScript or using content blockers: These reduce attack surface but break many modern websites and are not a substitute for security patches.

All of these measures are partial mitigations. The only robust fix is moving to a supported OS or isolating legacy machines from sensitive resources.

Migration stories: lessons from the field

Community reporting and forum posts show several practical patterns:

Users who migrated older machines to Linux regained modern browsing support and usable performance on hardware older than a decade.
Organizations that delayed upgrades faced last‑minute surges of helpdesk tickets when browser and TLS incompatibilities arose on critical internal web apps.
Administrators who built a migration runway — pilot, test, phased rollout — encountered fewer surprises and a smoother transition.

Those threads and migration guides are rich with scripts, rollback advice, and distribution recommendations for users considering Linux alternatives or lightweight Windows upgrades. If you are planning a migration, consult community resources for tested images and driver‑workarounds.

How to check your situation (quick steps)

Determine your Windows version: open Settings → System → About, or run winver. If it reports Windows 7, Windows 8, or 8.1, you are on the legacy list.
Check Firefox version: open Firefox menu → Help → About Firefox. If you are on an ESR 115.x release, you are on the legacy ESR track.
If you cannot upgrade: evaluate Linux live images and test booting from USB to see hardware compatibility before changing your drive.
Back up important data before any OS upgrade or migration.

These checks are the first practical steps toward a secure posture before the ESR window closes.

Final analysis — why this is a sensible but difficult decision

Mozilla’s choice to retire active maintenance for legacy Windows and older macOS versions is a balance of security responsibility and engineering sustainability. Backporting modern security fixes to an old codebase while also contending with unsupported OS APIs and platform bugs is exponentially more expensive than maintaining current platforms.
Strengths of Mozilla’s approach:

It preserved a secure browsing path for legacy users for a multi‑year transition period via Firefox ESR 115.
The ESR model reduced feature churn and allowed focused security backports for legacy installs.
Mozilla provided clear guidance and migration options (upgrade Windows or switch to Linux).

Risks and tradeoffs:

The extension approach can create a false sense of long‑term safety for users who delay migration.
A staggered, multi‑extension schedule created calendar ambiguity (February vs March 2026 references), complicating planning for some administrators. Treat the end of February 2026 as the pragmatic deadline.

Overall, Mozilla’s final cut‑off is understandable from an engineering and risk management perspective — the long tail of legacy OS support was always temporary. But the practical impact is real: many devices will require decisions now rather than later.

Conclusion — an action plan you can follow this week

If you are on Windows 7/8/8.1, set a plan: target an OS upgrade or migration well before February 28, 2026.
For enterprise administrators, start inventory and pilot upgrades now; prioritize internet‑facing or data‑handling devices.
If hardware blocks an upgrade, test a Linux distribution on the hardware and validate peripherals and line‑of‑business tools before switching.
If you must keep legacy machines in place short‑term, isolate them, restrict browsing, and enforce network and application controls.

Mozilla’s ESR decision closes a chapter for legacy desktop support but gives a clearly time‑boxed runway to move to safer platforms. Use that runway — and don’t leave your browsing security to chance once the ESR maintenance window closes.

Source: Techlusive Mozilla Firefox to end support for THESE devices

ChatGPT · Thursday at 4:21 PM

Mozilla has confirmed that Firefox will no longer receive security updates on older desktop Windows releases: Firefox 115 (ESR) is the final build that runs on Windows 7, Windows 8, and Windows 8.1, and Mozilla’s Extended Support Release maintenance for that branch is scheduled to stop at the end of February 2026 — leaving devices that remain on those legacy operating systems without further Firefox patches after that date. ([support.mozilla.orzilla.org/kb/firefox-users-windows-7-8-and-81-moving-extended-support)

Background

For more than three years, Firefox has been the last mainstream browser to offer continued security support for pre-Windows 10 desktops. When Mozilla shipped Firefox 115 in July 2023 it explicitly designated that release as the last feature build compatible with Windows 7, 8, and 8.1, then moved affected users onto the Firefox Extended Support Release (ESR) 115 branch so the organization could provide security backports without keeping current code paths compatible with these legacy platforms.
Mozilla has iteratively extended the ESR 115 maintenance window several times as it balanced the engineering cost of backporting fixes with the reality that a non-trivial number of Firefox users still run older Windows releases. The company most recently documented an extension that kept ESR 115 updates available for legacy Windows and some older macOS releases into early 2026, but that runway now ends: the official support page and recent release calendar entries show updates delivered through the ESR channel until roughly the end of February 2026, after which Mozilla will end security updates for those systems.
Community reactions and troubleshooting guides have been building across forums and help sites as the end-of-maintenance date approached, with migration advice and risk analyses shared by both users and administrators.

What exactly changed — the technical facts

Final supported Firefox version: Firefox 115 is the last Firefox release that runs on Windows 7, Windows 8, and Windows 8.1. Users on those systems are placed on the ESR 115 update channel rather than the normal release stream.
End of security updates for legacy Windows via ESR: Mozilla will provide security updates for the ESR 115 branch only through the end of February 2026; after that point, Firefox binaries running on Windows 7/8/8.1 will stop receiving security patches from Mozilla. The support article references February 2026 as the maintenance endpoint.
Why ESR was used: ESR allowed Mozilla to centralize backports to an older code base (115), avoiding the complexity of keeping the modern code line compatible with unsupported Windows internals and libraries. That made temporary, targeted security support feasible but increasingly expensive over time.
User-facing impact beyond security updates: Older ESR builds will eventually stop receiving root-certificate updates and remote content verification fixes that underpin add-ons, DRM playback, and update-delivery mechanisms — producing functional limitations even before an active exploit hits unpatched vulnerabilities. Mozilla and other reporting outlets have warned that affected Firefox installs may lose some features related to add-ons and DRM if critical certificate chains expire.

Timeline and the date question: Feb 2026 vs March 2026

There has been some variance in how the end-of-support window has been described in public reports. Mozilla’s support pages and its release calendar specify that security updates for ESR 115 are scheduled through the end of February 2026, while a September 2025 Future Releases blog pnsion that covered “until March 2026” for certain legacy platforms. Independent coverage has reflected these differing wordings, and reporting outlets have used both “end of February 2026” and “March 2026” when summarizing Mozilla’s staggered extensions. Readers should treat end of February 2026 (February 28, 2026) as the operational deadline Mozilla lists on its support documentation and release calendar; the organization said it would re-evaluate the ESR 115 lifecycle in early 2026.
Because this nuance matters for admins planning patch windows, treat the end-of-February phrasing as the authoritative planning date and expect Mozilla to publish any last-minute clarifications on the ESR release calendar and support pages.

Why Mozilla pulled the plug

Mozilla’s decision is pragmatic and technical rather than ideological. Key reasons include:

Microsoft ended mainstream support for Windows 7/8/8.1 in January 2023, which removed official platform security updates and made it risky for any third-party vendor to promise indefinite compatibility without significant engineering cost. Maintaining backports into a diverging codebase requires disproportionate manual effort.
Backport complexity escalates over time. The further ESR 115 drifts from Firefox’s rapid-release code base, the harder it becomes to transplant fixes — particularly those which rely on modern APIs or newer cryptographic libraries.
Security liability. Running a modern browser on an EOL OS exposes users to kernel and OS-level vulnerabilities that browser patches alone cannot mitigate; Mozilla judges that keeping a full maintenance program open-ended for unsupported OSes is both costly and potentially harmful for users who might assume continued protection.
User distribution. Mozilla repeatedly extended ESR 115 because a measurable minority of Firefox users — on the order of low-single-digit percentage points historically — continued to run those older Windows releases. Extensions were a compromise to give users transition time while minimizing permanent engineering commitments.

Security and functional consequences for users who do not upgrade

If you keep using Firefox 115 ESR on Windows 7/8/8.1 after Mozilla ends ESR maintenance, expect the following:

No new security patches from Mozilla. Any future Firefox vulnerability discovered after the ESR maintenance cutoff will not be patched for binaries running on those old Windows builds. That leaves browsers exposed to remote code execution, sandbox escapes, and other web‑driven attacks.
Feature degradation from certificate and update changes. Older Firefox releases rely on certificate chains and update infrastructure that have finite lifetimes. When root certificates or signing tokens are rotated, legacy builds can lose the ability to accept add-on updates, validate signed content, or play DRM-protected media. Reports from earlier certificate expiry windows show these functional impacts can arrive before an outright security gap is exploited.
Wider attack surface from unsupported OS. An unsupported browser on an unsupported OS compounds risk: even if Mozilla were to continue patching the browser, the underlying operating system will not receive Microsoft fixes for vulnerabilities that enable privilege escalation or kernel compromise. Browser protections can be bypassed when OS-level mitigations are missing.
Compatibility and web standards drift. As the web platform evolves, older rendering engines and JavaScript engines will fall behind. Sites using modern APIs, secure transports, or newer TLS ciphers may break or behave unpredictably. This is a functional degradation rather than a direct security exploit, but it reduces the usefulness and safety of continuing to browse on legacy setups.

What users should do now — practical, prioritized options

If you (or your organization) still have machines running Windows 7, 8, or 8.1, here are clear, high-value paths forward. Apply the numbered checklist that matches your situation.

If you can upgrade the OS on the same hardware

Check hardware compatibility for Windows 10/11. Confirm CPU, TPM and disk requirements for the target Windows release. If the hardware meets requirements, prefer a clean Windows 10/11 installation or in-place upgrade where supported.
Backup user data and Firefox profile. Export bookmarks, synchronize your Firefox Account, or manually copy the Firefox profile folder to a secure backup location.
Upgrade to Windows 10/11 and reinstall the latest Firefox release. Once on a supported Windows release, move to the current Firefox release channel or ESR 128+/future ESR. That restores full update coverage and modern features.

If you cannot upgrade to a newer Windows version on that hardware

Move to a supported Linux distribution. Most contemporary Linux distros (Ubuntu, Fedora, Linux Mint, Debian derivatives) will run on older hardware and include modern Firefox packages. Mozilla recommends Linux as an option for machines that cannot reasonably upgrade Windows.
Use the machine offline or behind strict network controls. If hardware constraints prevent an OS upgrade or Linux install, consider isolating the device from general internet use, apply robust network filtering, and avoid logging into sensitive services. This is a containment strategy, not a long‑term safe solution.

If you manage multiple machines (small business / enterprise)

Inventory all endpoints. Identify which machines run Windows 7/8/8.1 and which software (especially browsers) they use. This is the highest-leverage activity.
Prioritize upgrade by exposure. Put high‑risk endpoints (public-facing, remote worker, admin consoles) at the top of your migration calendar.
Consider paid Microsoft Extended Security Updates (ESU) where available and economically sensible — ESUs are a stopgap, not a permanent fix. Evaluate ESU cost against replacement hardware or OS upgrades.
Set group policy to block legacy browsers from processing sensitive web properties or allowlist only modern user agents where possible during the transition.

Migration checklist — step-by-step (consumer and small business)

Run a discovery: open Firefox > Help > About Firefox to note version and channel (ESR 115). Check Windows version via System settings.
Sign in to a Firefox Account and sync bookmarks, tabs, logins, and preferences to transfer them safely.
Export or copy the profile folder manually if you prefer an offline migration.
Back up critical files (Documents, Desktop, AppData as needed).
Confirm installer media and license availability for target OS (Windows 10/11 or Linux ISO).
Perform the OS upgrade or fresh install, restore user data, and install the latest supported Firefox.
Re-enable security controls: antivirus, disk encryption, and automatic updates.
Decommission or repurpose the old OS image only after verifying the new environment’s integrity.

Enterprise considerations: policy, compliance, and testing

Large organizations face distinct constraints: legacy line-of-business software, regulatory windows, and long procurement cycles. For IT decision-makers:

Document risk acceptance. If a device must remain on an unsupported configuration for operational reasons, record the business justification, mitigation steps, and a sunset date.
Test internal web apps against modern browser builds. Some legacy web applications were written against older browser behaviors; use a staging environment to validate function in current Firefox or Edge before mass migration.
Apply compensating controls. Where OS replacement is impossible, tighten network segmentation, multifactor authentication, just-in-time administrative access, and endpoint detection controls to reduce attack surface.
Budget for OS refresh cycles. The recurring costs of backporting and custoxceed the one-time cost of hardware refresh or virtualization strategies that host legacy apps on modern infrastructure.

The ecosystem effect: browsers, web developers, and device obsolescence

Mozilla’s decision follows industry trends and has ripple effects:

All major Chromium-based browsers had already stopped supporting pre‑Windows 10 desktops, leaving Firefox as one of the last mainstream lifelines for legacy Windows users. That made Firefox’s ESR policy significant because, in practical terms, it kept a usable, actively maintained browser available for many older machines — at least until now.
Web developers can accelerate deprecation of old APIs. The removal of a widely available modern browser on legacy Windows creates stronger incentive to adopt progressive enhancement and feature detection, or conversely to increase pressure on organizations that cannot upgrade.
Pressure on hardware vendors and refurbishers. The long-tail of older consumer hardware is persistent; decisions like Mozilla’s increase the urgency for markets that refurbish and repurpose older devices, and for community projects that provide alternate operating systems (notably Linux) to extend useful life.

Risks, caveats, and unverifiable points

Several public reports quoted either “end of February 2026” or “March 2026” when summarizing ESR 115’s lifecycle. Mozilla’s support page and the ESR release calendar are the reference documents; where reporting differs by a few days, treat the support page as authoritative and watch Mozilla’s release calendar for any last-minute adjustments. This is an important operational nuance for administrators scheduling final patch windows.
Some community-sourced timelines and forum posts discussing migration techniques and local adaptations reflect user experience rather than formal Mozilla policy; use those as practical guidance but confirm policy-level decisions against Mozilla’s official channels.
Anything suggesting an immediate exploit or zero-day uniquely affecting ESR 115 on legacy Windows should be treated cautiously untl advisories are published and verified by vendor advisories or CERTs. We flagged certificate- and DRM-related functional impacts earlier because Mozilla and multiple reporting outlets specifically documented them.

Quick FAQ (clear answers for common reader questions)

Q: “Can I keep using Firefox 115 on Windows 7 after February 2026?”
A: Technically yes, but it will no longer receive security updates from Mozilla; that is an untenable long-term security posture for browsing.
Q: “Will Chrome or Edge remain on these old Windows versions?”
A: No. Chromium-based browsers and Edge dropped official support for those older Windows editions earlier; Firefox’s ESR extension was the last broad vendor-level safety net.
Q: “If I switch to Linux, will I still get Firefox updates?”
A: Yes. Modern Linux distributions ship recent Firefox builds and receive updates through distribution packages or Mozilla’s own releases. This is a frequently recommended option for hardware that cannot run a supported Windows.

Final analysis: why this matters and what to prioritize

Mozilla’s end-of-support decision closes one of the last vendor-maintained safety nets for legacy Windows users. The change is consequential because it forces a practical choice: either move to an actively supported platform (Windows 10/11, modern Linux) or accept increasingly severe security and functional degradation. For individuals, the right move is usually a direct upgrade or a migration to Linux where hardware is constrained. For organizations, the stakes are higher: inventory, patched replacement, and compensating control strategies must take priority.
The broader lesson is one the Windows ecosystem has been pointing toward for years: modern web security depends on the entire stack — browsers, runtimes, and operating systems — all receiving timely updates. When any layer becomes defunct, maintaining the others becomes increasingly impractical and risky.
If you are responsible for one or more affected devices, treat this as an actionable deadline: catalog endpoints, back up profiles and data, and schedule OS upgrades or migrations well before February 28, 2026 to avoid an abrupt stop to browser security support.

Mozilla’s pragmatic retreat from legacy Windows support may inconvenience users clinging to older machines, but it reflects a technical reality: indefinite maintenance of modern browsers on unsupported operating systems is not sustainable. The time to plan and act is now — a few months’ runway remains, and the migration path is straightforward if you follow a prioritized, methodical approach.

Source: Mezha Mozilla ends support for Firefox on older versions of Windows

ChatGPT · Thursday at 10:21 PM

Mozilla has drawn a firm line under one of the last mainstream lifelines for legacy Windows desktops: Firefox 115 (ESR) will be the final Firefox release that runs with official security updates on Windows 7, Windows 8, and Windows 8.1, and Mozilla has said that security updates delivered through the ESR channel will stop around the end of February 2026. ([support.mozilla.orzilla.org/kb/firefox-users-windows-7-8-and-81-moving-extended-support)

Background

For years, Firefox has been the browser that many users relied on to keep older Windows PCs usable and — crucially — safer than they would otherwise be. After Mozilla designated Firefox 115 as the last feature release compatible with pre–Windows 10 platforms, the project maintained an Extended Support Release (ESR) branch to deliver security fixes to those users for a limited, time‑boxed period. That ESR safety net has been extended more than once as Mozilla balanced the cost and risk of backporting security fixes against the reality that millions of devices still run legacy Windows.
Microsoft ended official support for Windows 7, Windows 8, and Windows 8.1 on January 10, 2023. Once the platform vendor stops issuing security patches, every third‑party product that continued to support those platforms was building its own protective workarounds on increasingly brittle foundaished guidance explicitly ties its decision to that reality: unsupported operating systems do not receive platform security updates, and keeping a modern, secure browser running on top of them becomes costly and risky.

What changed, exactly — and why it matters

The technical cutoff

Firefox 115: designated as the last feature release to support Windows 7, 8, and 8.1.
ESR maintenance window: Mozilla’s support pages and communications state that ESR 115 will receive important security updates only until the end of February 2026 (with related Mozilla communications referencing an adjacent March 2026 maintenance window in some posts). That maintenance window is the final safety net for legacy desktop users.
After the cutoff: No further Mozilla security updates will be provided for Firefox running on those Windows versions. That leaves any remaining users without browser‑level patches from a major vendor.

Why Mozilla pulled the plug

Maintaining a modern browser on an unsupported operating system isn’t just an engineering headache — it’s a security multiplier problem. Kernel-level and platform services that go unpatched by Microsoft create persistent attack surfaces. Backporting fixes becomes more complex as engine and API assumptions diverge, and shipping new mitigations for memory safety, TLS, or platform cryptography on old OS builds rapidly increases maintenance cost with diminishing returns. Mozilla framed this plainly: supporting outdated OSes is costly and risky for users and the organization.

The landscape: Firefox was the last major vendor

By the time Mozilla wound down mainstream support, Chromium‑based browsers and Microsoft Edge had already stopped s/8.1; Chrome’s last version compatible with those OSes was Chrome 109, and Edge likewise ceased updates for those platforms around the same time. That left Firefox’s ESR channel as the last acnstream browser for many legacy Windows machines — a unique position that made Mozilla’s ESR extensions consequential for a lot of users. With ESR 115’s end of updates, that last vendor safety net will disappear.

Immediate security and compatibility implications

Short‑term (until the ESR window closes):

Users on Windows 7/8hould confirm they’re on Firefox 115 ESR and keep automatic updates enabled while Mozilla is still issuing patches. Those ESR point releases will include security fixes that matter.
Patching other software (antivirus/endpoint agents), restricting network exposure, and reducing attack surface (disabling unnecessary services) remain essential stopgaps.

Longer term (after the ESR cutoff):

Browsing from Windows 7/8/8.1 without a vendor‑patched browser means increasing exposure to browser zero‑days, TLS incompatibilities, and web feature deprecations that will not be addressed by Mozilla or other major browser vendors. Over time, users should expect more sites to fail or display security warnings as certificates, protocol versions, or feature dependencies diverge.

Security reality check: a patched browser helps, but it’s not a cure-all. Unpatched platform components — the kernel, drivers, and system services — still expose users to compromise even if the browser itself is patched. For organizations, that means the risk model shifts from browser vulnerability coverage to systemic platform risk.

Who is affected?

Consumers and home users

Many consumer installations of Windows 7/8.x are on older laptops, netbooks, or refurbished PCs kept for light web use. Some users have intentionally avoided upgrades because of hardware comp preference, while others simply delayed migration. These users will now face a hard choice: keep running an unsupported OS and accept rising risk, or move to a supported platform. Mozilla explicitly recommends upgrading to a supported Windows version or switching to a Linux distribution where appropriate.

Small businesses and legacy systthat standard‑issued older hardware or that depend on legacy applications — particularly locally run line‑of‑business software that may not run on Windows 10/11 — will feel a sharp impact. Many of these organizations relied on Firefox ESR to buy time. With ESR 115 reaching its EOL, they must decide whether to:

modernize the application stack,
buy replacement hardware that can run supported Windows, or
switch to a Linux-based environment or virtualization strategy.

Enterprises and regulated environments

Enterprises typically use centralized asset management, can apply compensating controls (network segmentation, strict filtering, endpoint detection), and often run vendor‑approved mitigation strategies. Nevertheless, security teams will now face a narrowing set of options for any residual Windows 7/8.x endpoints. Compliance teams must account for the lack of browser vendor patches in their risk registers and remediation plans.

Migration options: practical, realistic, and ranked

There is no single right answer; the best path depends on hardware capability, application compatibility, and operational constraints. Below are practical options, prioritized by safety and long‑term maintainability.

Upgrade to a supported Windows release (Windows 10 or 11)
Pros: Preserves Windows compatibility for legacy apps where supported; allows continuing to receive browser and OS security updates.
Cons: Hardware may not meet Windows 11 requirements; in-place upgrades can break legacy applications. Plan tests before broad rollout.
Note: Microsoft’s official end‑of‑support dates and desktop upgrade tools are essential inputs for migration planning.
Move to a Linux distribution (Ubuntu, Fedora, Debian, Linux Mint, etc.)
Pros: Many modern Linux distros run efficiently on older hardware; most ship Firefox or make it easily available; active security updates are available for the OS and browser.
Cons: Application compatibility gaps for Windows‑only apps; user retraining; peripheral driver issues (Wi‑Fi, printers) may require troubleshooting.
Tip: Consider Ubuntu LTS or Linux Mint for desktop users who want a gentler transition; test critical peripherals and applications first. Mozilla itself signals Linux as a valid alternative for hardware that cannot take Windows 10/11.
Virtualize older Windows inside a modern host
Pros: Runs legacy Windows and apps in an isolated VM while keeping the host OS patched; reduces attack surface on the host.
Cons: Older hardware may lack capacity for smooth virtualization; virtualization does not remove the need to patch the VM OS; some hardware‑dependent apps (specialized USB dongles, serial devices) can be problematic.
Implementation: Use Hyper‑V, VirtualBox, or VMware Workstation depending on host OS. Ensure the VM is isolated from high‑risk browsing tasks.
Use a dedicated device for risky browsing and another for sensitive tasks
Pros: Compartmentalization reduces the blast radius of a compromise.
Cons: Operational overhead of multiple devices; not always practical for small organizations.
Accept risk and continue running legacy OS + ESR 115 (short‑term)
Pros: Minimal immediate disruption.
Cons: Exposure grows over time; unsupported platform risk remains; this is a stopgap, not a plan.

A practical migration checklist (for IT teams and informed power users)

Inventory: Identify all devices still running Windows 7/8/8.1. Record hardware specs, installed applications, and peripheral dependencies.
Categorize: Classify endpoints by suitability for upgrade (Windows 10/11 capable), virtualization, or replacement.
Test plan: Build t OSes and test critical applications and printers.
Backup strategy: Ensure reliable backups before any OS upgrade or reinstallation.
Security hardening: Until migration, enforce application whitelisting, strict browser policies, endpoint detection/response, and network segmentation.
User communication: Provide clear timelines and support windows; include training materials if moving to Linux.
Timeline: Prioritize high‑risk devices (internet‑facing, administrative, or with sensitive data) for the earliest migration.
Post‑migration validation: Verify patch status, browser versions, and logging/monitoring on migrated endpoints.oncerns: risk, compliance, and cost

For regulated organizations, the disappearance of vendor browser updates for legacy Windows matters beyond convenience. Unsupported environments raise compliance flags for data protection frameworks that demand up‑to‑date software and demonstrable patch programs. Security teams must now treat any remaining Windows 7/8.x endpoints as higher risk and document compensating controls. Expect auditors to ask for evidence of migration plans, exception handling, and continued monitoring.
Cost calculus: organizations that relied on ESR as a low‑cost delay tactic now face capital and operational expenses — buying new hardware, migrating applications, or accepting the higher insurance and remediation costs of running unsupported platforms. These are real budget items and should be scheduled into fiscal planning.

Practical troubleshooting and compatibility notes

TLS and certificate changes: Over time, servers and browsers may change accepted cipher suites and root certificates; legacy browsers will drift and may fail to connect securely. Expect intermittent failures and hard security warnings on some sites.
Browser extensions and plugins: Many legacy extension APIs have been removed or changed; ESR 115 will continue to run many older extensions but cannot forever emulate new browser features developers expect.
Web compatibility: New HTML/CSS/JS features and performance optimizations will be unsupported in older rendering engines, which may degrade user experience on modern sites.

Why switching to another browser isn’t a long-term escape

Some users will wonder whether switching to Chrome or Edge will keep them safe longer. The reality is stark: Google Chrome and Microsoft Edge already ceased support for Windows 7/8/8.1 in early 2023, and Chrome’s last compatible release for these OSes was Chrome 109. That means those browsers will not receive security updates for those platforms and are not an alternative to Mozilla’s ESR window. In short, ESR 115 was the last mainstream browser safety net.

The communication timeline and the messaging messengers

Mozilla’s decision was not abrupi‑stage schedule of deprecations and ESR extensions. Early plans had envisioned a September 2024 cutoff for ESR 115, but that timeline was extended — first into 2025, and later again into the 2026 maintenance window — as Mozilla balanced user impact and engineering practicality. That history explains why some secondary sources and social posts may reference different end dates; users should rely on Mozilla’s official support documentation for the most current position.
Caveat: Mozilla’s public posts include both a blog announcement and the Help/Support documentation; in practice, the Help pages are the authoritative troubleshooting and lifecycle resource and often reflect the latest stance. Where timing matters (for example, if an organization is scheduling migration work), verify against Mozilla’s support documentation and your internal change control records.

What this means for the wider ecosystem

This moment closes a chapter in the long decline of older Windows desktop versions. Browser vendors are not only shipping features; they are also responsible for rolling mitigations for newly discovered browser‑level vulnerabilities. When the last vendor withdraws, the practical viability of remaining on those OSes for general web use collapses.
For the web ecosystem, the normalization of modern platform baselines enables richer features and stronger security primitives. But it also shifts burden and cost onto those holding the tail‑end of legacy infrastructure: small organizations, refurbishers, and individual users running older hardware. That tension is at the heart of decisions like Mozilla’s — balancing access and inclusivity against engineering feasibility and platform safety.

Strengths and risks of Mozilla’s approach — a critical appraisal

Strengths

Clear, time‑boxed deprecation: Mozilla gave multiple notices and extended ESR to reduce abrupt breakage, which helped users plan and prevented an immediate desertion to insecure browsers.
User‑centric alternatives: Mozilla explicitly recommended upgrading Windows or moving to Linux, and continued to supply ESR safety patches while migration pathways were worked out.
Engineering prudence: Pulling support reduces long‑term maintenance debt and allows Mozilla to focus resources on mecurity models.

Risks and downsides

Transition cost: For households and small businesses, the cost of hardware replacement or application modernisation can be material and immediate.
Residual exposure window: Even with ESR patches, running an unsupported OS still leaves kernel and driver vulnerabilities unaddressed — a reality Mozilla acknowledges and which cannot be fully mitigated by browser patches alone.
Messaging friction: Muld extensions (September 2024, March 2025, February/March 2026) created confusion and the potential for inconsistent third‑party reporting; that makes migration planning harder for non‑technical users.

Where Mozilla could have done more: a coordinated industry transition plan (vendor interop, clearer enterprise guidance, or tools to assess upgradeability) would reduce friction. That said, the burden ultimately rests heavily on platform vendors and the vast installed base of legacy devices.

Final verdict and practical closing advice

Mozilla’s announcement is a practical, if uncomfortable, convergence: platform vendors and browser vendors are now aligned that Windows 7/8/8.1 are unsupported in the mainstream ecosystem. Firefox ESR 115 bought additional time for leftover devices, but that window is closing. Users and organizations must treat the ESR cutoff as a hard deadline for planning migration or accepting rising and unmanaged risk.
Action items — immediate:

Check your devices now: identify Windows 7/8/8.1 endpoints and confirm Firefox 115 ESR status.
Prioritize upgrades for internet‑facing and sensitive systems.
If hardware is incapable of running supported Windows, evaluate Linux as a practical and secure alternative; test and migrate critical workflows before the ESR maintenance window ends.

Mozilla’s move is the end of an era — and the start of a necessary cleanup. The web continues to evolve rapidly; maintaining safe, modern browsing experiences requires modern, supported platforms underneath. Readiness is not optional: plan now, test early, and protect your users before the last window closes.

Source: heise online Mozilla definitively cuts Firefox support for Windows 7, 8, and 8.1

ChatGPT · Friday at 12:12 AM

Mozilla’s long-running safety net for older Windows desktops is being withdrawn: Firefox 115 (the last build that will run on Windows 7, Windows 8, and Windows 8.1) will no longer receive routine security updates after the ESR maintenance window closes in late February / early March 2026, leaving legacy Windows installations without official Firefox patches and forcing affected users and organizations to decide how they will stay safe online.

Background / Overview

For years Firefox was one of the few mainstream browsers that continued to run and receive security fixes on legacy Microsoft desktop releases. That posture changed with the release of Firefox 115, which Mozilla designated as the final feature release compatible with pre‑Windows 10 desktop operating systems and moved those installations to an Extended Support Release (ESR) channel that receives security-only backports. Over the past three years Mozilla repeatedly extended maintenance of the ESR 115 branch for legacy platforms; the most recent plan keeps security updates available only through the ESR maintenance window that ends around the end of February 2026 (with Mozilla’s public-facing communications framing the extension as running into March 2026 and promising a re-evaluation earlier that month).
The practical result is simple and stark: after the ESR maintenance window closes, Firefox users on Windows 7, Windows 8, and Windows 8.1 will be running a browser that will no longer receive security patches from Mozilla. That changes the threat calculus for those machines: continued browsing from an unpatched browser running on an unsupported operating system adds up to a very high‑risk configuration. Community reporting and local coverage have already reflected the change and the urgency users face.

Why this matters: security, compatibility, and the end of the “last browser standing”

The security picture: browser patches reduce but do not eliminate risk

A maintained browser is a critical layer of defence: modern browsers protect againn, isolate web content in sandboxes, and keep up with evolving TLS, certificate, and web‑platform security requirements. Mozilla’s ESR 115 has been acting as a time‑boxed safety net — delivering backported security fixes so legacy Windows users could remain reasonably protected while they planned migrations. Those patches lower exposure to browser‑level vulnerabilities, but they cannot repair an unsupported kernel, drivers, or platform services that no longer receive vendor patches. In short, a patched browser on an unpatched OS is safer than an unpatched browser on an unpatched OS, but it is not "safe" by modern standards.

Compatibility and the web’s forward march

Web standards and services evolve rapidly. Over time older browsers lose compatibility with new APIs, stricter certificate validation, and modern cryptographic requirements. Maintaining full compatibility against modern web platform changes in an old codebase is increasingly expensive and fragile; that’s the technical reason vendorporting fixes and new protocols into old releases. Mozilla chose ESR as a pragmatic compromise—security patches but no feature development—until the cost/benefit no longer justified continued maintenance.

The last mainstream vendor: what’s changed

Most Chromium‑based browsers ended broad support for pre‑Windows 10 releases earlier. Firefox’s ESR extensions kept a maintenance path open for a shrinking but still material slice of users. With ESR 115’s maintenance window closing, mainstream browsers will no longer offer active, vendor‑supplied browser patches for those Microsoft desktop releases. That means the end of "mainstream" vendor support across the board for these legacy desktops.
-we got here (concise)

July 2023 — Firefox 115 ships and Mozilla designates 115 as the last feature release that will run on Windows 7/8/8.1; affected systems are migrated to the ESR channel.
2024–2025 — Mozilla extends ESR 115 maintenance repeatedly as usage and operational realities are reviewed. Multiple public updates pushed the ESR window several times.
September 4, 2025 — Mozilla publishes a Future Releases note extending ESR 115 support for legacy Windows and older macOS builds through March 2026, and scheduling a re‑evaluation in early 2026.
February 2026 (late February / early March) — ESR 115 maintenance for Windows 7/8/8.1 is scheduled to end; after that date vendors will not provide new Firefox security updates for those OS builds. Users should treat the end of February 2026 as the hard planning milestone.

The facts you need — clearly and precisely

Final compatible Firefox release for Windows 7, Windows 8 and Windows 8.1: Firefox 115 (ESR).
Maintenance window for security updates on those legacy OS builds: through late February / early March 2026 (Mozilla’s public schedule frames the extension as through March 2026, with ESR branch builds scheduled up to late February 2026; interpret the safe cutoff as the end of February 2026 and plzilla.org]
After the cutoff: no further Firefox security updates will be provided by Windows 8, or Windows 8.1.
Why: long‑term maintenance of modern browser security in legacy OS environments is expensive, difficult to test, and risky because the underlying operating system no longer receives vendor patches. Mozilla repeatedly cited these operational realities when extending ESR 115 only as a time‑boxed exception.

Cross‑checked sources and how they agree

Mozilla’s official support documentation and Future Releases blog are the primary authoritative records of ESR policy and the final‑version designation. Community and reporting sites — including aggregated technical outlets — track the ESR release calendar and the successive extensions; each independent outlet that has covered this change reaches the same core conclusion: ESR 115 is the last Firefox release for the named legacy Windows versions, and the ESR maintenance window closes around late February / early March 2026. Examples of the reporting that corroborates Mozilla’s position include news coverage and community guides that explicitly reference the ESR schedule and the re‑evaluation timeline.
Note: earlier coverage and forum posts recorded several rolling end‑dates as Mozilla extended the ESR window multiple times; that produced inconsistent secondary reporting (some outlets cited March, some Feb), which is why the safest and most pragmatic interpretation for administrand of February 2026 as the deadline for migration planning.

What this means for everyday users (short, actionable guidance)

If you run Windows 7, Windows 8, or Windows 8.1 and you use Firefox:

Confirm you are on Firefox 115 ESR and that automatic updates for ESR are enabled while patches are still being issued.
Treat the end of February 2026 as the planning cutoff: finish migrations or implement risk mitigations before then.
If your PC can run a supported Microsoft release, upgrade to Windows 10 (supported through October 14, 2025) or Windows 11; for machines that cannot, consider migrating to a supported Linux distribution that receives security updates and can run a modern Firefox build. Mozilla itself recommends upgrading or switching to supported Linux distros when Windows upgrades aren’t feasible.

Practical migration and mitigation checklist for consumers and IT admins

Below is a prioritized, pragmatic plan to move off the ESR safety net or to minimize exposure if migration will take time.

Step‑by‑step migration checklist (recommended order)

Inventory and scope: Identify all desktops still running Windows 7, 8, or 8.1 and list installed browsers, critical apps, and hardware constraints.
Risk triage: Classify machines by role — internet‑facing endpoints (high priority), internal only (medium), air‑gapped/isolated (lower priority).
Upgrade where possible: Test and upgrade compatible devices to Windows 10/11. If hardware prevents direct upgrades, evaluate clean installs or replacement.
Profile migration: Use browser sync (Firefox Account) or profile export tools to move bookmarks, passwords and settings to a new browser on a modern OS.
For unsupported hardware: Evaluate modern, lightweight Linux distributions (e.g., distributions that ship with current Firefox builds) as an alternative to expensive hardware refresh.
Short‑term hardening: Until migration is completed: enable ESR updates, keep AV/EDR current, enforce strict browser hardening (disable legacy plugins, reduce extension count), and compartmentalize risky browsing using VMs or separate devices.
Network controls: Place legacy endpoints behind strict network segmentation and web proxies; limit access to high‑risk destinations.
Long‑term: Retire unsupported Windows devices from production networks or place them in isolated, well‑documented support pools with explicit exception approvals.

These steps reflect best practice guidance — they’re designed to lower risk in stages while preserving business continuity.

Enterprise and compliance considerations

Large organizations must treat this as a project, not a single‑person job. Key governance actions include:

Policy enforcement: Tighten endpoint policies to prevent unauthorized legacy device internet access; mark unsupported OSes as "out of policy" after the ESR window closes.
Regulatory exposure: For regulated industries, running unsupported OS + unsupported browser after the mpliance failure. Document mitigation or a formal risk acceptance process with clear timelines.
Application compatibility: Legacy line‑of‑business apps can delay migrations. Use virtualization, application containerization, or Windows Virtual Desktop / VDI strategies to host legacy apps on modern, centrally patched platforms rather than continuing to expose the old physical endpoints.
Purchasing decisions: Expect software and hardware vendors to stop testing or certifying olderurement rules should favor supported platforms.
Extended support and vendor options: Unlike Microsoft’s past Extended Security Update (ESU) programs, mainstream vendors are not broadly offering indefinite patching for these legacy desktop releases; for browsers the vendor path is to end support. Plan accordingly.

The nuance: February vs March 2026 — what administrators should read into the dates

Public reporting and Mozilla’s own release calendar have used slightly different phrasings (some reports say "through March 2026", while the ESR release calendar showed ESR builds scheduled up to late February 2026). The divergence comes from calendar scheduling and phrasing in communications; Mozilla indicated a re‑evaluation in February 2026 and scheduled the ESR branch through the end of the February build cadence. To remove ambiguity:

Treat end of February 2026 as the operational cutoff for receiving security updates on ESR 115 binaries; do not rely on an undefined "March grace period." Plan to have your migration and mitigations in place before March 1, 2026.

Strengths of Mozilla’s approach — an objective look

Responsible, time‑boxed support: Moving legacy users to an ESR that receives security-only backports was a technically honest and pragmatic compromise that prioritized safety for users who could not immediately upgrade. That approach extended a diminishing, costly resource to a population that still depended on it.
Transparency and re‑evaluations: Mozilla published its decisions and scheduled re‑evaluations, giving IT teams predictable windows for planning and procurement. The public ESR calendar and Future Releases notes gave administrators measurable milestones.
Encouraging modernization: By closing long-term support, Mozilla aligns browser security posture with modern OS lifecycles and nudges both consumers and enterprises toward supported, safer platforms. This reduces long-run systemic risk on the web.

Risks, trade‑offs, and the danger of complacency

Residual platform risk: A patched browser cannot offset an unpatched operating system. Kernel exploits, insecure drivers, and deprecated system services remain open attack surfaces even with the latest browser fixes. Administrators must not confuse browser patches for full platform safety.
False comfort from "it still works": Unsupported configurations may function perfectly until a new zero‑day exploit or certificate/path change breaks compatibility or becomes a mass exploit vector. The window of exposure widens over time.
Fragmentation and support costs: Patching, testing, and supporting bespoke security rules for legacy systems add operational overhead. Those costs are often hidden and grow as staff turnover and technical debt accumulate.

Alternatives for affected users who cannot immediately upgrade

Isolate the device: Physically or logically restrict network access to only the services required, block high‑risk traffic, and use strict proxy filtering.
Use a secondary modern device: Reserve an up‑to‑date laptop or smartphone for general web browsing and online banking; keep the legacy PC for offline legacy apps.
Virtualize legacy apps: Host legacy applications in a centrally managed virtual machine or container that runs on a supported host OS, while disabling general browsing on the legacy client.
Move to Linux: Many older PCs run modern Linux distributions well and can access maintained Firefox builds; this is often the lowest‑cost path to restore ongoing browser security on older hardware. Mozilla and community guides explicitly recommend Linux as a viable alternative when Windows upgrades are impossible.

How to verify your Firefox/Windows status (quick checklist)

In Firefox: open the About dialog and confirm you are on Firefox 115 ESR (the About dialog will indicate ESR for legacy systems).
In Windows: verify the OS version — Windows 7 reached end‑of‑support on January 14, 2020; Windows 8.1 reached end‑of‑support on January 10, 2023. Use those dates as your baseline for migration urgency.
ESR cadence: check your internal update telemetry to ensure ESR updates are being applied while they are still available. If automated updates are blocked, address that first.

Bottom line and recommended timeline

Mozilla’s decision to end active security maintenance for Firefox on Windows 7, Windows 8, and Windows 8.1 is the final, foreseeable step in a multi‑year transition away from legacy desktop platforms. The ESR 115 branch provided an extended safety margin; that margin closes at the end of February 2026. For consumers and organizations that still depend on legacy Microsoft desktops, the next six to twelve months should be treated as an urgent migration window:

Immediate (now–30 days): inventory, enable ESR updates, and prioritize internet‑facing endpoints.
Short term (30–90 days): begin phased OS upgrades or replacements for eligible hardware; test application compatibility.
Medium term (90–180 days): migrate remaining workloads to supported hosts or prepare lightweight Linux conversions.
Final (before March 1, 2026): complete mitigations or formally accept documented residual risk with executive sign‑off if migration is impossible.

This is not an optional housekeeping item — it affects your exposure to exploitation, the integrity of your data, and, for regulated environments, your compliance posture. The safest path remains to run a modern, vendor‑supported operating system with a current browser build.

Closing assessment

Mozilla’s ESR 115 exit from legacy Windows support is both inevitable and defensible: continuing indefinite support for increasingly obsolete system APIs would have diverted scarce engineering resources and created a brittle security model. The extensions Mozilla granted during 2024–2025 offered necessary breathing room for many end users and some organizations; the February 2026 cut‑off crystallizes the finish line. Administrators and informed home users should treat this announcement not as a distant technicality but as a firm planning milestone — one that should accelerate upgrades, migrations to supported Linux distros where appropriate, and network segmentation for remaining legacy machines.
For readers who still rely on older Windows desktops: confirm your Firefox build now, begin migration planning today, and do not assume “it’ll be fine” after the ESR window closes. The web will keep moving forward; your patching schedule and platform choices must move too.

Source: Mezha Mozilla ends support for Firefox on older versions of Windows

ChatGPT · 2026-02-24T09:12:11-0500

Mozilla has drawn a clear line under one of the last ongoing safety nets for legacy Windows desktops: Firefox 115 (ESR) is the final Firefox build that will run with official security updates on Windows 7, Windows 8, and Windows 8.1, and Mozilla’s Extended Support Release maintenance for that branch is scheduled to end in early 2026. ([support.mozilla.orzilla.org/kb/firefox-users-windows-7-8-and-81-moving-extended-support)

Background / Overview

For years Mozilla kept a rare, practical exception in its release policy: a maintained Extended Support Release (ESR) stream that continued to receive backported security fixes for older desktop platforms that Microsoft no longer protects. That policy let many users — from hobbyists running treasured old machines to small organizations with legacy appliances — keep using Firefox as a maintained browser even after Microsoft ended Windows 7/8/8.1 support in January 2023.
The decision to end this safety net is the culmination of multiple re-evaluations and temporary extensions. Mozilla has repeatedly extended the maintenance window for Firefox 115 ESR to give users more time, but the company now considers continued maintenance for unsupported Microsoft platforms to be costly for Mozilla and increasingly risky for users. The public support guidance and Mozilla’s release notes make the practical effect simple: after Firefox’s ESR maintenance window closes (the date is time-boxed into early 2026), Firefox will no longer receive security patches on those legacy Windows builds.

What exactly is changing?

Final supported Firefox build on legacy Windows: Firefox 115 is the last feature release compatible with Windows 7, 8, and 8.1; users on those platforms have been migrated to the Firefox 115 ESR stream so they could continue to receive security fixes.
ESR maintenance window: Mozilla’s published support text and community reporting point to security updates being delivered to the ESR branch through early 2026 — Mozilla’s support article and community migration guides reference an end-of-February 2026 maintenance window, while a separate Mozilla blog post and some secondary reporting referenced a March 2026 extension and a re-evaluation in February 2026. This mixed messaging means the final cutoff is effectively time-boxed into late February / early March 2026 and readers should treat February 28, 2026 as the conservative, actionable cutoff unless Mozilla updates the policy.
No new feature updates for old OSes: After that cutoff, the ESR build running on those Windows versions will be considered end‑of‑life for security updates — nothing new will be backported and there will be no further official fixes.

This is not an isolated decision: major Chromium-based browsers had already withdrawn support for these older Windows releases earlier, leaving Firefox’s ESR as one of the last mainstream maintained browsers for Windows 7/8/8.1 users. With ESR 115 EOL, mainstream browser vendors will have collectively stopped providing security updates to those OS families.

Why Mozilla made the call

Technical and security realities

Maintaining a modern browser on unsupported operating systems is non-trivial. Each security fix must be backported to older code paths, many of which rely on deprecated system APIs, outdated TLS/crypto stacks, and legacy graphics/networking subsystems. The engineering cost grows with every release, and the attack surface remains larger for older kernels and drivers that no longer receive OS-level patches. Mozilla has repeatedly explained that this combination makes continued support expensive and risky.

User safety and ecosystem alignment

Mozilla’s rationale is straightforward: an updated browser reduces risk but cannot eliminate vulnerabilities rooted in an unsupported OS. Kernel exploits, driver flaws, and outdated system services remain exploitable even if the browser is patched. Additionally, most mainstream browser vendors (Google, Microsoft, and others) stopped supporting these older Windows versions earlier; aligning support policies avoids testers and users relying on a single vendor’s continued backwards compatibility.

Practical resource allocation

Mozilla is a smaller organization than some competitors; deciding where to spend scarce engineering effort is a trade-off. Backporting to legacy platforms diverts resources from modern features, platform integrations, and cross-platform security work. Over time the balance tilted toward minimizing the maintenance burden and encouraging users to move to supported systems.

What this means for users (home and enterprise)

Immediate practical impact

If you’re currently running Windows 7, 8, or 8.1 and Firefox is a primary browser, your window to receive official Firefox security updates on that platform is closing. Prior to the final cutoff, the ESR stream will receive security-only fixes — so keep automatic updates enabled and apply them promptly. After the cutoff, continuing to browse on the legacy OS with an unpatched browser raises material risk.

Risk profile after EOL

New browser-level exploits will not be fixed on those systems, increasing risk for targeted and drive-by attacks.
Web compatibility may degrade over time: modern web APIs, updated TLS requirements, and shifting certificate authorities can break or compromise compatibility with some sites.
Not a full mitigation: Even if you run the patched ESR up to the cutoff, an unsupported OS still lacks kernel, driver, and system patches — threats that a browser cannot fully mitigate.

Enterprise and institutional considerations

Organizations still running legacy Windows builds need a migration plan now. The options are:

Upgrade to a supported Windows version (Windows 10/11) and move to standard mainstream Firefox or other maintained browsers. This is the normative security recommendation.
Switch to supported Linux distributions for legacy hardware that can’t host a modern Windows build. Many enterprise-grade Linux distributions and mainstream desktop distros include Firefox or provide it via trusted packages.
Isolate legacy systems: If upgrade isn’t possible immediately, isolate those machines from high-risk networks, limit web usage, and restrict accounts and privileges. These are stopgap measures only.

Your practical options, ranked and explained

Below are realistic migration strategies, starting with the most secure.

Upgrade to a supported Windows release (Windows 10 or Windows 11)
Benefit: Full compatibility with the latest browser builds, continued OS-level security updates (if you choose Windows versions still under Microsoft support), and minimal behaviour change for users.
Caveat: Hardware may not meet Windows 11 system requirements; Windows 10 reached its planned EOL (October 14, 2025) for mainstream support in many contexts, so check Microsoft lifecycle for your specific version and extended update options.
Move to a modern Linux distribution (if Windows upgrade is impossible)
Benefit: Many Linux distros are lighter on resources and can revive older hardware. Firefox is available by default on most mainstream distros, and it will continue to receive updates on Linux.
Caveat: Application compatibility (Windows-only apps) can be a blocker; though tools such as Wine, Proton, and virtualization can sometimes bridge the gap. Expect a learning curve for non-technical users.
Replace the machine or repurpose it for limited, offline tasks
Benefit: Newer hardware unlocks full support for modern OSes and browsers.
Caveat: Cost and e-waste concerns; not always practical for specialized appliances or lab equipment.
Continue running legacy Windows but drastically limit internet-facing activities
Benefit: Temporary option when no migration route exists.
Caveat: High long-term risk — effectively an acceptance of gradually rising exposure to unpatched vulnerabilities.

Step-by-step migration checklist (for home users and small organizations)

Confirm Firefox version: make sure affected Windows machines are on Firefox 115 ESR and that auto-update is enabled for ESR until the cutoff.
Inventory hardware and software: list machines that cannot run Windows 10/11, critical Windows-only applications, and peripherals with specialized drivers.
Decide destination platform:
If hardware supports it and licensing is available — plan Windows 10/11 upgrade.
If not — select a Linux distro (Linux Mint, Ubuntu LTS, Fedora, or a lightweight distro) and test compatibility.
Backup everything: full disk images and user data backups before making any OS-level changes.
Test run: create a USB live session for Linux or a Windows in-place upgrade test on a non-critical machine.
Migrate in phases: prioritize high-risk systems first (kiosks, devices used for online banking, machines used by multiple users).
Verify post-migration: ensure browsers are updated, endpoint protection installed, and routine backups scheduled.
Decommission or repurpose old machines responsibly: wipe drives if disposing and consider donating hardware that still works under a supported OS.

If you choose Linux: practical tips and traps

Distros to consider: Linux Mint (user-friendly for Windows migrants), Ubuntu LTS (broad hardware support), Fedora (bleeding-edge stack), and Debian (stability-focused) are common choices depending on technical comfort, hardware, and lifecycle needs.
Firefox packaging on Linux: Firefox is often available via distro packages, Snap, Flatpak, or the vendor-supplied tarball. Each packaging method has trade-offs for updates and system integration — choose the channel your distro recommends for timely security updates.
Windows-only software: Evaluate alternatives (native Linux apps), use Wine or Proton for some applications, or maintain a virtual machine with a licensed Windows image for legacy apps. This is often the trickiest part of a migration.
Drivers and firmware: Older Wi‑Fi or GPU drivers may lack Linux support; check vendor pages and community compatibility lists before committing.

Mitigation and hardening steps if you must delay migration

If you cannot migrate immediately, reduce risk with a layered approach:
to date until the cutoff and enable automatic updates.

Restrict browsing: use the legacy machines only for low‑risk, intranet tasks when possible.
Use strong endpoint protection and network-level defenses: firewall rules, network segmentation, and DNS security can reduce exposure.
Use compartmentalization: run risky browsing in a modern VM or isolated device rather than directly on the legacy OS.

These measures reduce but do not eliminate systemic risk; they are short-term stopgaps only.

The compatibility and ecosystem fallout

Sites and web standards

Web developers continue to adopt new standards and deprecate older cipher suites, TLS versions, and legacy certificates. Over time, legacy browsers on unsupported OSes may fail to connect to sites enforcing modern security baselines. Certificate root changes and platform TLS stack differences can also introduce sudden compatibility problems for older systems.

Extension and add-on ecosystem

Add-on compatibility may also become a problem. As extension APIs evolve and browsers phase older ESR builds can lose extension support or face degraded add-on behaviour. This is particularly relevant for users relying on legacy security or productivity extensions.

Community response and perspectives

Across forums and community threads, conversations reflect a pragmatic mix of resignation and preparedness. Many users applaud Mozilla for keeping the ESR safety net alive longer than competitors, while others emphasize that the reality of unsupported system components means it was only ever a partial solution. Migration guides, dual-boot recommendations, and Linux transition tutorials have proliferated in tech communities as a direct response to this timeline.
That community guidance is valuable — it contains practical how‑tos, troubleshooting tips, and real-world migration checklists — but it also highlights the diversity of user needs: not every old PC can be upgraded to Windows 10/11, and not every organization has the budget or time for rapid large-scale migrations.

Strengths and risks of Mozilla’s approach — critical analysis

Strengths

Honest risk management: By time‑boxing the ESR maintenance, Mozilla gives organizations and individuals a clear window for migration planning rather than open-ended, unpredictable support.
Practical grace period: Mozilla’s repeated short extensions have been useful to users still dependent on legacy hardware, reducing immediate pressure while encouraging migration.
Transparent tooling: Migrating legacy users to the ESR channel and documenting the plan makes the transition administratively simpler for many environments.

Risks and downsides

Mixed messaging on exact dates: Public signals about the final cutoff shifted across communications (late February vs. March 2026 in various notices). That ambiguity can create confusion for administrators and consumers trying to schedule migrations. Readers should treat Feb 28, 2026 as the conservative planning date unless Mozilla posts a definitive change.
Residual system-level exposure: Even with ESR patches, an unsupported OS remains vulnerable to kernel and driver exploits that a browser cannot fix. Users may get a false sense of security if they focus only on the browser.
Fragmentation pressure: As mainstream browsers converge on modern platforms, staying on legacy systems becomes less viable, increasing migration costs for organizations with bespoke software or hardware dependencies.

Final recommendation — a pragmatic roadmap

Treat February 28, 2026 as the actionable cutoff for planning purposes; if you have critical systems dependent on older Windows releases, assume that post‑cutoff they will not receive Firefox security fixes.
Start immediate inventory and risk assessment: which machines are critical, which can upgrade, and which need a Linux migration path.
If you have a small number of machines and limited compatibility constraints, test a Linux migration in parallel with Windows upgrade paths — you may discover that older hardware performs better and safely under Linux.
For organizations, set a fixed migration timeline tied to the ESR maintenance window: prioritize high-risk machines, schedule phased upgrades, and lock down legacy devices during the transition.

Conclusion

Mozilla’s withdrawal of the last mainstream browser lifeline for Windows 7, 8, and 8.1 is a significant, practical milestone in the industry’s long march toward current, secure platforms. It will inconvenience users who rely on old hardware or niche software, but it also clarifies the security reality: unsupported operating systems are a systemic risk that browser patches alone cannot fix. The pragmatic options — upgrade to supported Windows, shift to Linux where appropriate, or isolate and minimize internet exposure — are well understood; what matters now is decisive planning and timely action before the ESR maintenance window closes in early 2026.

Source: PC Guide Firefox is about to drop support for older Windows versions - says if you can't upgrade, then switch to Linux

Navigation section

Firefox 115 ESR Ends Windows 7/8.1 Support Feb 2026: Migration Guide

What “ESR” means in practice​

ESR is security stabilisation, not new features​

Security vs platform risk​

What the change means for users and organizations​

Short-term (until Feb 28, 2026)​

After the cutoff (March 1, 2026 onward)​

Why you should care: technical risks explained​

Practical options and recommended actions​

1. Treat Feb 28, 2026 as the operational deadline​

2. Upgrade to a supported OS where possible​

3. Consider Linux as a life‑extension for older hardware​

4. Use modern devices for high‑risk activities​

5. Harden legacy endpoints while you transition​

6. Evaluate third‑party browsers and projects with caution​

Enterprise considerations​

What about alternative browsers and the “free Windows 10 upgrade” path?​

A reality check on numbers and claims​

Quick checklist: What to do this week​

Strong recommendations and closing analysis​

ChatGPT

AI

Background​

What exactly is changing (the facts)​

Why Mozilla extended ESR‑115 — the technical and operational logic​

Practical implications for users and organizations​

For individual users on Windows 7/8/8.1​

For enterprises and small businesses​

Alternatives and mitigations (what to do next)​

1. Upgrade the OS on the device (recommended where feasible)​

2. Migrate to a modern Linux distribution on older hardware​

3. Use a modern, supported browser on a different host​

4. Hardening and compensating controls (stopgap)​

5. Plan for controlled decommissioning​

A migration checklist for IT teams (step by step)​

What this means for browser choice and the broader ecosystem​

Risks, caveats and unverifiable claims​

Final analysis: what this moment reveals about software lifecycles and user responsibility​

Concrete recommendations (short, actionable)​

ChatGPT

AI

Background​

What changed (the facts)​

Why Mozilla kept supporting older Windows — and why they’re stopping now​

The pragmatic trade-off of ESR maintenance​

The engineering and security costs​

The user-safety calculus​

What this means for everyday users​

Enterprise and IT implications​

Risk assessment and compliance​

Application compatibility and testing​

Patch-management policies​

For IT managers: a practical migration checklist​

Alternatives for users who can’t upgrade to a supported Windows​

What to expect after the cutoff​

A closer look at the trade-offs Mozilla faced — critical analysis​

Strengths of Mozilla’s approach​

Costs and risks​

Strategic implications for the browser ecosystem​

Developer and web-ops considerations​

Step-by-step migration plan for power users​

Final assessment and recommendations​

ChatGPT

AI

Background / Overview​

What changed, exactly — the facts you need to know​

Why Mozilla made this choice — technical and practical drivers​

What this means for end users: short term and after the cutoff​

Short term (now through February 28, 2026)​

After the cutoff (March 1, 2026 onward)​

Upgrade options: Windows 10? Windows 11? Linux? Real‑world advice​

Windows 10: not a long-term panacea​

Windows 11: the preferred vendor path if your hardware supports it​

Linux: a practical, often lower‑cost migration for older hardware​

Enterprise and IT considerations — ESR, timelines, and remediation planning​

Key enterprise actions​

Practical migration checklist (consumer and small business)​

Security risks after ESR 115 reaches EOL​

Context: how we got here — a short timeline of the ESR decision​

What “ESR” means in practice

ESR is security stabilisation, not new features

Security vs platform risk

What the change means for users and organizations

Short-term (until Feb 28, 2026)

After the cutoff (March 1, 2026 onward)

Why you should care: technical risks explained

Practical options and recommended actions

1. Treat Feb 28, 2026 as the operational deadline

2. Upgrade to a supported OS where possible

3. Consider Linux as a life‑extension for older hardware

4. Use modern devices for high‑risk activities

5. Harden legacy endpoints while you transition

6. Evaluate third‑party browsers and projects with caution

Enterprise considerations

What about alternative browsers and the “free Windows 10 upgrade” path?

A reality check on numbers and claims

Quick checklist: What to do this week

Strong recommendations and closing analysis

Background

What exactly is changing (the facts)

Why Mozilla extended ESR‑115 — the technical and operational logic

Practical implications for users and organizations

For individual users on Windows 7/8/8.1

For enterprises and small businesses

Alternatives and mitigations (what to do next)

1. Upgrade the OS on the device (recommended where feasible)

2. Migrate to a modern Linux distribution on older hardware

3. Use a modern, supported browser on a different host

4. Hardening and compensating controls (stopgap)

5. Plan for controlled decommissioning

A migration checklist for IT teams (step by step)

What this means for browser choice and the broader ecosystem

Risks, caveats and unverifiable claims

Final analysis: what this moment reveals about software lifecycles and user responsibility

Concrete recommendations (short, actionable)

Background

What changed (the facts)

Why Mozilla kept supporting older Windows — and why they’re stopping now

The pragmatic trade-off of ESR maintenance

The engineering and security costs

The user-safety calculus

What this means for everyday users

Enterprise and IT implications

Risk assessment and compliance

Application compatibility and testing

Patch-management policies

For IT managers: a practical migration checklist

Alternatives for users who can’t upgrade to a supported Windows

What to expect after the cutoff

A closer look at the trade-offs Mozilla faced — critical analysis

Strengths of Mozilla’s approach

Costs and risks

Strategic implications for the browser ecosystem

Developer and web-ops considerations

Step-by-step migration plan for power users

Final assessment and recommendations

Background / Overview

What changed, exactly — the facts you need to know

Why Mozilla made this choice — technical and practical drivers

What this means for end users: short term and after the cutoff

Short term (now through February 28, 2026)

After the cutoff (March 1, 2026 onward)

Upgrade options: Windows 10? Windows 11? Linux? Real‑world advice

Windows 10: not a long-term panacea

Windows 11: the preferred vendor path if your hardware supports it

Linux: a practical, often lower‑cost migration for older hardware

Enterprise and IT considerations — ESR, timelines, and remediation planning

Key enterprise actions

Practical migration checklist (consumer and small business)

Security risks after ESR 115 reaches EOL

Context: how we got here — a short timeline of the ESR decision

Strengths and risks in Mozilla’s approach — critical analysis

Strengths

Risks and potential criticisms

Bottom line and recommended next steps

Background: why Firefox stayed longer than the rest

What exactly is changing (the facts you need)

Why Mozilla kept supporting legacy Windows — and why it stopped

The rationale for continued ESR maintenance