Security News > 2022 > August > Firefox 104 is out – no critical bugs, but update anyway

CVE-2022-38477 covers bugs that affect only Firefox builds based on the code of version 102 and later, which is the codebase used by the main version, now updated to 104.0, and the primary Extended Support Release version, which is now ESR 102.2.

CVE-2022-38478 covers additional bugs that exist in the Firefox code going back to version 91, because that's the basis of the secondary Extended Support Release, which now stands at ESR 91.13.

As we've explained before, Firefox Extended Support Release is aimed at conservative home users and at corporate sysadmins who prefer to delay feature updates and functionality changes, as long as they don't miss out on security updates by doing so.

The ESR version numbers combine to tell you what feature set you have, plus how many security updates there have been since that version came out.

For ESR 91.13, we have 91+13 = 104, to make it clear that although version 91 is still back at the feature set from about a year ago, it's up-to-the-moment as far as security patches are concerned.

The reason there are two ESRs at any time is to provide a substantial double-up period between versions, so you are never stuck with taking on new features just to get security fixes - there's always an overlap during which you can keep using the old ESR while trying out the new ESR to get ready for the necessary switchover in the future.

News URL

https://nakedsecurity.sophos.com/2022/08/26/firefox-104-is-out-no-critical-bugs-but-update-anyway/