If you are using one of these versions, you should upgrade as soon as possible.

What happened?

Firefox developers are working hard to keep our Firefox and Thunderbird releases up to date with the latest security fixes and bugfixes. In particular, the Firefox ESR team forked the main Firefox code and works to update the ESR version with its own patch set. A few issues in this update led the Mozilla fuzzing team to report memory safety issues (and potentially other bugs) in these releases of Firefox and Thunderbird. The issues were reported through the fuzzing process to the Mozilla security team, who will now update Firefox and Thunderbird to address them.

What do we mean by version number?

The version number for Firefox and Thunderbird is the year of the release (2019) followed by a sequence number. For example, the latest release of Firefox 50.0.2 is 2019-50.0.2-1 while the latest ESR release is 2019-52.
Version numbers are assigned to releases based on when they were made available publicly. As a consequence, you will see two versions of Firefox and Thunderbird released in 2019 with different version numbers: the mainline release (2019-50.0.2) and the ESR release (2019-52).

What is ESR and how does it work?

The Extended Support Release (ESR) of Firefox and Thunderbird is an alternative to the standard release. It includes the latest patches that have been merged into the main branch of code, but without all the branding changes and other additions that new releases would receive.
ESRs are updated with bugfixes, security updates, and other minor changes for up to 30 months after their release date. This means 12-18 months after their release date, they will be EOLed and no longer supported. The ESR version is available on its own as well as packaged with a standard Firefox or Thunderbird release.

What is a memory safety bug?

Memory safety bugs are a class of bugs that could cause unexpected behavior when your computer accesses memory. These types of bugs are often triggered by writing to memory, but can also happen when a program attempts to read from memory in unintended ways.
To address these issues, Mozilla has released updated versions of Firefox and Thunderbird that fix all the reported problems with the original release, including the possibility of new ones. If you are using one of these versions, you should upgrade as soon as possible.

What is the Firefox Test Suite?

The Firefox Test Suite is a set of automated tests for Firefox and Thunderbird that are built on the WebKit test framework. These tests can be used to find new memory safety issues in these releases, as well as other bugs. If you're running one of these versions, it's recommended that you upgrade as soon as possible.

What needs to happen to fix these issues?

The Firefox ESR team is working hard to update the patch set in their release to address these issues.
Some of these could be fixed by updating to a newer version of Firefox or Thunderbird, and some need to be fixed by the Mozilla security team.
For users who are unable to upgrade any further, you can uninstall older versions of Firefox or Thunderbird and reinstall them with your current browser settings.
One way to tell if you need to install an update is if your add-on list is empty. If so, you will need to reinstall your old version of Firefox or Thunderbird.

Timeline

Published on: 12/22/2022 20:15:00 UTC
Last modified on: 01/03/2023 20:43:00 UTC

References