Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Mozilla to Kill Firefox for Windows XP, Vista in 2017

Support for Windows XP and Vista will be removed from Firefox, currently the last major web browser out there to still support the two outdated operating system versions.

Support for Windows XP and Vista will be removed from Firefox, currently the last major web browser out there to still support the two outdated operating system versions.

In a blog post just before Christmas, Mozilla announced plans to automatically move Firefox for Windows XP and Vista to the Extended Support Release (ESR) in March next year. The next step, Mozilla says, will be to kill off support for XP and Vista entirely, and that is expected to happen in September next year, although a decision on this has yet to be made.

“Firefox is one of the few browsers that continues to support Windows XP and Vista, and we expect to continue to provide security updates for users until September 2017. Users do not need to take additional action to receive those updates. In mid-2017, user numbers on Windows XP and Vista will be reassessed and a final support end date will be announced,” the company said.

Firefox ESR is intended for administrators within large organizations, including universities and other schools, county or city governments and businesses. The issue, however, is that Windows XP and Windows Vista continue to be used within these environments, although they are old and already proven highly vulnerable.

As a Duo Security report revealed in November, the ongoing use of these outdated, vulnerable platforms and browsers puts enterprise environments at risk. 65% of Duo Security’s clients’ Windows users are still running Vista and thousands are still on XP.

Microsoft ended support for Windows XP in April 2014, and has already warned that those who continue to use it will be exposed to security flaws never to be patched. In fact, the 15 years old platform is known to be plagued by around 700 vulnerabilities, 200 of which are rated either High or Critical severity.

The report also revealed that as many as 88% of Windows XP users are using Internet Explorer 8 as their standard browser, which represents a significant risk, given that the browser is no longer supported by Microsoft. With support for XP ended in Google Chrome this year and set to be killed off in Firefox the next, users are left with few viable choices when it comes to their standard browsing application.

The obvious choice for Windows XP and Vista users, however, is an upgrade to a newer, more secure operating system. In fact, Mozilla themselves encourage users to upgrade to a Windows version that is supported by Microsoft.

“In the meantime, we strongly encourage our users to upgrade to a version of Windows that is supported by Microsoft. Unsupported operating systems receive no security updates, have known exploits, and are dangerous for you to use.  For planning purposes, enterprises using Firefox should consider September 2017 as the support end date for Windows XP and Vista,” Mozilla said.

Related: Ongoing Use of Windows Vista, IE8 Pose Huge Enterprise Threat

Related: Widespread Windows XP Use Remains Among Businesses Despite End-of-Life: Survey 

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.