Connect with us

Hi, what are you looking for?



Mozilla to Kill Firefox for Windows XP, Vista in 2017

Support for Windows XP and Vista will be removed from Firefox, currently the last major web browser out there to still support the two outdated operating system versions.

Support for Windows XP and Vista will be removed from Firefox, currently the last major web browser out there to still support the two outdated operating system versions.

In a blog post just before Christmas, Mozilla announced plans to automatically move Firefox for Windows XP and Vista to the Extended Support Release (ESR) in March next year. The next step, Mozilla says, will be to kill off support for XP and Vista entirely, and that is expected to happen in September next year, although a decision on this has yet to be made.

“Firefox is one of the few browsers that continues to support Windows XP and Vista, and we expect to continue to provide security updates for users until September 2017. Users do not need to take additional action to receive those updates. In mid-2017, user numbers on Windows XP and Vista will be reassessed and a final support end date will be announced,” the company said.

Firefox ESR is intended for administrators within large organizations, including universities and other schools, county or city governments and businesses. The issue, however, is that Windows XP and Windows Vista continue to be used within these environments, although they are old and already proven highly vulnerable.

As a Duo Security report revealed in November, the ongoing use of these outdated, vulnerable platforms and browsers puts enterprise environments at risk. 65% of Duo Security’s clients’ Windows users are still running Vista and thousands are still on XP.

Microsoft ended support for Windows XP in April 2014, and has already warned that those who continue to use it will be exposed to security flaws never to be patched. In fact, the 15 years old platform is known to be plagued by around 700 vulnerabilities, 200 of which are rated either High or Critical severity.

The report also revealed that as many as 88% of Windows XP users are using Internet Explorer 8 as their standard browser, which represents a significant risk, given that the browser is no longer supported by Microsoft. With support for XP ended in Google Chrome this year and set to be killed off in Firefox the next, users are left with few viable choices when it comes to their standard browsing application.

Advertisement. Scroll to continue reading.

The obvious choice for Windows XP and Vista users, however, is an upgrade to a newer, more secure operating system. In fact, Mozilla themselves encourage users to upgrade to a Windows version that is supported by Microsoft.

“In the meantime, we strongly encourage our users to upgrade to a version of Windows that is supported by Microsoft. Unsupported operating systems receive no security updates, have known exploits, and are dangerous for you to use.  For planning purposes, enterprises using Firefox should consider September 2017 as the support end date for Windows XP and Vista,” Mozilla said.

Related: Ongoing Use of Windows Vista, IE8 Pose Huge Enterprise Threat

Related: Widespread Windows XP Use Remains Among Businesses Despite End-of-Life: Survey 

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.