Firefox 100 requires the Windows Update KB4474419 on Windows 7
Firefox users who run the open source web browser on Microsoft's Windows 7 operating system need to make sure that Windows update KB4474419 is installed on their devices. The update is a prerequisite for Firefox 100 as Mozilla switched to SHA-256 digest signing in that release.
The Windows update KB4474419 introduced support for SHA-2 code signing on Windows 7 and Windows Server 2008 / 2008 R2. The last version of the update dates back to September 2019, and it should be installed on most Windows 7 devices by now, as it was released before the operating system reached end of support. Systems without the update may get Windows Update error 0x80092004 because of the missing dependency; this may happen on manually updated systems.
Customers who run legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) are required to have SHA-2 code signing support installed on their devices to install updates released on or after July 2019. Any devices without SHA-2 support will not be able to install Windows updates on or after July 2019.
Windows 7 administrators find the update on the Microsoft Update Catalog, but it should also be available on Windows Update and other update management systems.
Mozilla notes on the Firefox 100 release notes for the Nightly version that the update is required to install Firefox successfully on Windows 7 devices.
Beginning in this release, the Firefox installer for Windows is signed with a SHA-256 digest, rather than SHA-1. Update KB4474419 is required for successful installation on a computer running the Microsoft Windows 7 operating system.
SHA-1 was phased out by Microsoft because of weaknesses and to "align to industry standards". SHA-2 does not have these weaknesses and it ensures that the Firefox installation or update has not been tampered with.
Mozilla does not mention if Firefox's installer displays an error message if the required Windows update is not installed on the system. It would make sense to highlight the missing dependency to help users resolve it.
The change affects Firefox for the Windows 7 operating system only. Firefox running on newer versions of the Windows operating system will install or update normally once Firefox 100 is released.
Mozilla plans to release the first three-digit version of the web browser on May 3, 2022 according to the release schedule.
Now You: do you run Firefox on Windows 7, or other systems? (via Techdows)
> Now You: do you run Firefox on Windows 7?
Yes, I do and all telemetry is disabled via user.js, so Mozilla doesn’t receive all the information that they love to collect.
In this case I’m not sure if it’s such a good idea to have all telemetry switched off. How else should they find about how many Win7 installations are still alive with Firefox?
We are on Windows 11 by now. Firefox will drop Windows 7 AND Windows 8.1 support sometime after January 2023. That’s when Windows 7 ESU and Windows 8.1 regular support timeframe run out. All Chromium-based browsers will do the same thing btw.
Use something that is still actively maintained (more recent Windows, or Linux), same answer I gave the Windows XP guys when they couldn’t let go.
Yes, I am fully aware of the situation and also of the fact that Mozilla and Google browsers (and derivatives thereof) will not provide compatibility with Win7 forever. Indeed, Windows is not and has never been my main system (for private use), but it continues to be my gaming platform (for older games).
Windows 11 is crapware, no way in hell I would run that on my hardware. Once Mozilla ends support for Windows 7, I will run the newest version of Firefox through VDI.
I use Nightly on Windows 7. I had version 100 since beginning of March 2022.
I still run Windows 7 as well and still get updates FWIW. I’m in no delusion that I’ll have to migrate by January next year as patches will cease and software vendors will drop support.
My hope is that Windows 11 has been patched into a more usable state by then so I can skip 10 altogether. But if not, I do have Win 10 set up on a second partition. Personally, I simply prefer 7 as an OS, and as long as it is still patched and software supports it, I feel no need to migrate to an OS I conceive to be poorer/uglier/messier.
This is the pro-telemetry argument they make all the time. I remember them making it about removing compact mode not too long ago, and dropping support for all kinds of personalisations. But they promote themselves as privacy-oriented, so their target audience by definition is turning off their telemetry… it doesn’t make a lot of sense for them to rely on it like they seem to.
“Weaknesses” in SHA-1 are greatly exaggerated as there has never been a practical exploit, and even if you could craft say, a malicious Firefox installer with the same hash as the official installer, it would be extremely difficult to get anyone to download and use it since everyone gets it from Mozilla’s site anyway, and all the common mirror sites get the binaries directly from Mozilla too.
Including both SHA-1 and SHA-2 signatures doesn’t hurt but whatever. I’m not too keen on updating my few remaining Win7 systems because the first time I installed the SHA-2 update it borked the bootloader which has never happened with any update before. Now if a program really insists on SHA-2 or nothing I’ll just find a portable version or an alternative. For instance, WireGuard (VPN protocol) for Windows initially refused to install without SHA-2 so I ended up discovering TunSafe which was even easier to use than WireGuard official. A win-win for me!
Windows 7 here, privacy enhanced with WPD (Windows Privacy Dashboard) at [https://wpd.app/]
I had stopped updating Win7 SP1 before July 2019, hence KB4474419 is not installed.
Just downloaded the KB from Microsoft Update Catalog (thanks for the link provided in the article).
Unfortunately the update was unsuccessful, which is not a surprise given there’s a home-made bug developed by Tom The Great (myself, who else?) which has already in the past prevented successful Windows Updates here. I had searched then for days and days trying to find the culprit, unsuccessfully.
Should Firefox 100 installer be strict with SHA-256 (which, according to this article, seems factual) that I’d be in trouble and stuck with coming Firefox 99. If so, maybe the opportunity to test another browser (Brave, for instance), mainly because I’d be unable to carry on with Firefox future versions’ security fixes (I may not miss future gadgets though). We’ll see.
> stuck with coming Firefox 99
You can also roll back to Firefox 91 ESR though this one will be abandoned security-wise around the time of Firefox 104 or so. You also can’t just downgrade the Firefox profile, so you’d have to rebuild. There is also Brave, Ungoogled Chromium etc.
You could also install Windows 8.1 + Classic Shell which is superior to Windows 7 in every possible way. Or Linux. You are not out of options, and not updating Windows is not advisable from a security perspective.
@Iron Heart, several opportunities indeed but remains the unavoidable : time, times bringing to its knees sooner or later obsolescence, that of the device (PC here), that of the OS, that of software (Firefox), and, moreover, all three tied.
2022 appears for users as myself (old PC, Windows7) as the limit.
Switching to 91 ESR, “though this one will be abandoned security-wise around the time of Firefox 104 or so” together with what you wrote in your answer above to user Anonymous, “Firefox will drop Windows 7 AND Windows 8.1 support sometime after January 2023. “, because that’s near tomorrows, doesn’t thrill me. I appreciate knowing these time issues.
Installing “Windows 8.1 + Classic Shell which is superior to Windows 7 in every possible way” is perceived as the hassle of a new install of an old OS, whatver younger than Win7. What bothers me are two things : 1- updating device & peripherals (new OS), 2- getting used to the new OS (I have all to learn again).
Linux? Once i’ll have decided to move on (new PC and new OS) it’ll be Win11 or Linux. I still don’t know but, given, 1- I’m not a techie and 2- whatever the huge differences between a Win7 and a Win11 … there are Microsoft standards which remain and to which i’ve been used to (Win 3.1 -> Win7). Should I be younger that I’d consider the challenge as exciting but seems I’m enduring an increasing cerebral laziness as years increment.
To be totally frank I’d say that in the depths of my unconsciousness Windows 11 will be the one to honor my next PC. But sometimes consciousness prevails :=)
We’ll see, but the end is near and, to quote approximately Woody Allen, “Time flies, especially at the end”, though I’m referring more specifically to computer + OS (but not only, lol).
Librewolf is also a good alternative .but i am not sure whether it will be affected by this change or not ?
@akg, in case Firefox 100 install confirms the SHA-2 code signing requirement, in case updated Librewolf doesn’t, then I could very well consider the switch. Thanks for pointing that out.
> then I could very well consider the switch.
All modern multiprocess browsers will be eating RAM like it’s nothing:
OMG! —“To be totally frank I’d say that in the depths of my unconsciousness Windows 11 will be the one to honor my next PC” — What’s all this talk about ultimately switching to Win 11??!! That’s blasphemy!! :<((
You can continue to use Win 7 for the rest of your life by using linux and Virtual Box along with whatever version of Firefox you choose.
Make things easy on yourself and down load Linux Mint and play around with the VB download. Then when you’re ready load Win 7 in the VB with all your “adjustments” and have at it. Should a “bad nasty” happen you’re basically protected, and if need be, remove the “bad nasty” reinstall your VB programs and live life to the fullest.
If I can do it so can you. And trust me, I’m a few years older than you. I can remember when Harry Truman was the US president and television was just getting started. Nobody had ever heard of a computer and Bill Gates had not yet been born. So get with it, young man. And have some fun!!
@Valrobex, I’d be surrendering to the enemy, a farewell to arms? Maybe.
First of all there’s not only the OS : the PC is old as well. Windows 7 has been installed on this PC 28/08/2013 on what was then a new device. That’s old, younger than both of us, but old! A new PC is unavoidable.. with Linux or Windows. To follow your suggestion, I’d install Linux (Mint) then run Win7 with a VM? If I choose Linux it’d be to use Linux and not have it serve the enemy :=)
Let’s face it : I did mention being lazy (anyway this so-called laziness to change which sometimes describes faithfulness, a certain conservatism) but I don’t have in mind I’m right. I’ll have to move on technologically speaking, unavoidable. Then comes the OS. I’ll need a sparing partner to discover a Linux ring. I’m still thinking about it, sometimes consciousness prevails … I mean, let’s remain cautious with what we believe to be unlikely : after all a country has been invaded when no one would have bet it’d occur.
What may happen is that I use two PCs simultaneously (as so many of us do!), the old with Win7 as it is, a new with Linux. I know i could have both with a dual boot but that seems complicated for the non-techie that I am, not to mention that i’m not the sort of guy to have a spouse in town and a lover in a motel : I like to love but one and one only :=)
We’ll see, which is what people say (or think) when they postpone!
Looks like lyricism did it again…
Thanks for your alarm, Valrobex. I keep it in mind :=)
I have a Windows 7 which has not updated since 2016, have downloaded the KB and installation has succeed. Hope for you you can fix it, at least I can affirm it works on not updated system.
@Marcin, thanks for the info. My problem is that whatever Windows Update fails to install correctly here. The .msu launches correctly, then the welcome screen where update starts before rebooting, then, after reboot, the end of the install fails, what had been set is removed and so on. But this is an old dispute between Win7 and me, my fault because I had tweaked the OS quite a lot, carefully but obviously not carefully enough when I modified some important Windows Updates’ configurations (Registry included) *without* a return ticket (contrarily to my habits) : we were younger, crazier :=)
Good to know that you’ve been able to install KB4474419 on an otherwise non (or partially) Windows 7 OS.
Or in other words: Only ESU users will get updates to Firefox. Which is basically ok, since that freeride will end in 8 months anyway. It was fun, and Windows 7 will always be remembered as the last good Microsoft OS. The last good Firefox on the other hand..oh boy THAT was long ago. Let’s all just suck it up and move on shall we? Windows 7 and Firefox both belong in museums now.
No, you are wrong. Firefox updates will NOT be limited to ESU users of Windows 7. KB4474419 (the last version, v3) was released on September, 2019, so before End-of-Support, which was after January 14, 2020. That means: all Firefox users on Windows 7 will get updates (until Mozilla finally drops support for Windows 7 and 8.1 in the future), providing they have SP1 (as Windows 7 RTM did not get SHA-2 support) and KB4474419 installed.
Quite funny how using an unpatched, insecure and abandoned operating system is not a problem but if Firefox isn’t updated it’s the end of the world…
It is not the end of the world, but it is a problem. Since web browser is on the first line of defense from attacks, it is important to make sure it is not vulnerable to them, so it should be patched. Of course, Windows 7 without ESU patches becomes more vulnerable to attacks and it is a problem (and it is also not the end of the world), but everyone needs to assess risk and decide himself.
There is a very little chance of making Microsoft change its mind, because millions of its customers want it. Mozilla, however, is an foundation, donated by people (even though big part of their budget comes from Google), and Firefox is open-source software, developed and supported by volunteers. So, there is much bigger probability that we can make them continue supporting Firefox on Windows 7.
And, last but not least – if we, Firefox users on Windows 7 know about the new requirement, we can make sure we are prepared for it, in many ways. We can check whether updates introducing SHA-2 support are installed and if not, install them. We can temporary move to Firefox ESR to different browser, i.e. one of Firefox forks, like PaleMoon. We can also migrate to another OS (newer version of Windows/Linux/Mac)…
> Mozilla, however, is an foundation, donated by people (even though big part of their budget comes from Google), and Firefox is open-source software, developed and supported by volunteers. So, there is much bigger probability that we can make them continue supporting Firefox on Windows 7.
Firefox is not developed by the non-profit Mozilla foundation. Firefox is developed by the for-profit Mozilla Corporation, and your donations don’t contribute to Firefox development:
And no, as always, they are going to rely on their extensive telemetry and not on your feedback.
Thank you for this heads up. I don’t have KB4474419 and I’m reluctant to even attempt to install it. I’m also pretty reluctant to install Firefox updates nowadays, so this won’t be the one thing that makes me finally seriously check out Linux, but it’s another nail in my Win7 coffin, definitely.
I’m in the same precedent as you. My motto is If it works then don’t break it. I’ve had windows updates break my boot loader and cause endless restarts and booting issues. I’m not enthusiastic about Firefox updates anymore. It used to be big deal with upcoming massive improvements but now updating Firefox is usually changes for changes sake, like somebody gets a paycheck to dumb down the user interface, or add more useless features every update.
Those of you who still want to cling to Windows 7 as long as possible but are concerned about not getting security patches, here’s the way-
Anyone NOT using that patched ESU on Windows 7 is asking for trouble and when disaster strikes actually did it to themselves. Quite a ridiculous amount of severe critical patches have landed on ESU since Windows 7 was left to die, and the bad guys know/use all of them.
> 50 most popular websites
And Windows 7 will become more problematic to use as software vendors drop support for it. Once Firefox and Chromium-based browsers drop support and you are stuck with old versions of them, you will be facing rendering issues sooner rather than later.
isn’t that a good thing these days?
> isn’t that a good thing these days?
Depends on whether you browse these websites, or not.
>Now You: do you run Firefox on Windows 7, or other systems?
running esr91 on win7 with webrtc, geolocation, webgl, drm and every telemetry-related preference that i’m aware of all disabled in about:config (no, mitchell, spying on your rapidly shrinking userbase is *not* required in order to make a functional web browser), aris’s custom css tweaks (that i need to constantly fiddle with, it feels like), ublock origin and several other addons, strict tracking protection is enabled… i’ve been lagging behind a little bit on updates and my hacky setup isn’t the best but i’m at least slightly better off than a lot of people on newer, inferior oses methinks
genuinely surprised that mozilla hasn’t made a fuss about dropping win7 support yet considering how much they’ve botched everything else lately, chromium support and extended security updates are all ending in less than a year from now so things are going to get dicey soon regardless. the increasingly large amount of open source software devs getting lazy and dropping win7 (nodejs, msys2, handbrake…) aren’t helping either. i’m assuming mozilla will go masks off and ditch everything pre-win10 after the next esr release but hey, maybe they’ll prove me wrong (it’d be nice if i could main pale moon or seamonkey instead, but obviously we can’t have nice things)
to those Win7 users who have NOT installed the KB4474419 update on their systems – shame on them all
Firefox is NOT the only app out there that requires Win7’s KB4474419 update.
newest versions of Malwarebytes won’t be offered to Win7 users without KB4474419 as mentioned in these malwarebytes forum threads:
even NVIDIA requires KB4474419 as well for Win7 users who want to install certain recent nVidia graphics drivers:
ditto for using Norton products on Win7 as well – need the necessary SHA-2 update installed for that one too:
so the KB4474419 requirement for Win7 is not just limited to just running newer Firefox versions