Why on earth are you running such a massively outdated browser? You should at least switch to pale moon, basilisk, or another maintained browser. God knows how many vulnerabilities in the wild there are in 56.
I don't think I or anyone else need to justify why they still use the 56 ESR instead of pale moon nor does that have anything to do with the question of whether there will be a fix for this version from Mozilla.
Clearly a few feathers have been ruffled by even broaching the fact that many people still use the 56 version because crtical extensions still have no equivalent under quantum. Snark is not allowed even when asking a relevant question of whether there will be an update. Sad.
Win7 gets security updates until somewhere in 2020. After that point, anyone still using 7 will be better off upgrading to 8/8.1/10.
Firefox 56 is not an ESR. It does not get security patches. From a quick look, there are public CVEs[0] that allow for ROP code execution almost effortlessly.
Security was always one of the big reasons behind keeping browsers up to date (the other reason being propagating new standard faster).
Besides, I wasn’t suggesting updating to latest firefox. I specifically mentioned pale moon and basilisk because they support old style extensions, while hopefully keeping up with the security fixes and other improvements to the engine going in mainline.
Windows 7 gets security updates. But I do agree with your general point, fear of vulns pushing you to broken versions feels wrong. I've been on 55 myself (since 56 already broke some stuff) until a month ago, upgraded for security reasons, giving up convenient tab switching with the mouse, mouse gestures in view-source tabs, stable vertical tabs (tree style tabs is not super stable), quick toggles for javascript/css/proxy, etc. :/
Considering that firefox gets upwards 70% of the users onto the latest version within 4 weeks or so of a new release, I don't see the point, doubt chrome is an issue for this as well, only reason I can see to support ancient browsers is if you have intranet web apps that only function is IE6-IE10 and you need to be able to run it there as well
Ever consider that some users cannot afford to upgrade? There's a lot of homeless people around here who only have phones (no laptops), and they are very old. Many run android 2 still. You must support established standards, even old ones, to remain good to all users and avoid prioritizing services for the wealthy.
Why is it so hard for moz://a to provide something similar as an official workaround? Here is the cert, import it and you are good to go. Instead we have the opt-in to studies and update your browser nonsense and no fix for days.
