From another thread on this board I understand that PatchMyPC's stance regarding Firefox ESR is that only the "older" ESR build will be deployed/patched (https://patchmypc.com/forum/index.php?topic=5891.msg14510#msg14510). While I understand your rational, we are having an issue because Mozilla is not updating the older ESR in accordance to what they said they will do. To clarify based on this site Mozilla says they will back port high security updates to the older build:
https://support.mozilla.org/en-US/kb/firefox-esr-release-cycle
However, they are not doing that. In July a high (8.
CVE (https://nvd.nist.gov/vuln/detail/CVE-2023-3600#range-9419430) was announced impacting all versions of Firefox. To date they have only provided an update for the 115 build of ESR. All of our installs are being reported as vulnerable to the CVE from Qualys despite being on the latest 102 build.
So is there any chance PMPC will start to support both the older and newer ESR deployment? Our only other alternative here is to block/remove Firefox ESR from our environment as Mozilla's failure to update high security vulnerabilities isn't tenable.
Thanks
https://support.mozilla.org/en-US/kb/firefox-esr-release-cycle
However, they are not doing that. In July a high (8.
CVE (https://nvd.nist.gov/vuln/detail/CVE-2023-3600#range-9419430) was announced impacting all versions of Firefox. To date they have only provided an update for the 115 build of ESR. All of our installs are being reported as vulnerable to the CVE from Qualys despite being on the latest 102 build.So is there any chance PMPC will start to support both the older and newer ESR deployment? Our only other alternative here is to block/remove Firefox ESR from our environment as Mozilla's failure to update high security vulnerabilities isn't tenable.
Thanks