I'd suggest sticking with stable for now. Firefox 57 doesn't land until November. Firefox 45 will be long-since insecure by then. If the extension you want to use isn't updated by November, you could always make alternate plans at that point. And you can sync data between multiple instances of Firefox (including multiple portable instances) using Firefox Sync to make life easier.
If you were browsing SourceForge for the 45 legacy build, it's under the Firefox legacy folders instead of ESR.
Sometimes, the impossible can become possible, if you're awesome!
I thought the ESR concept was a very good one. Why is it gong away ?
As I've noted before, if & when the ability to use key extensions I consider vital go away, that's when I'll be done with FF. They are a preponderance of the reason why I use any incarnation of FF in the first place. The browsing security thing is much over-hyped, in my opinion: there are a number of other counter-measures one can employ. Sandboxie, Shadow Defender, etc. At the far end of that curve, if I was truly concerned but still determined to proceed with possibly risky browsing, I could run a Linux Live-CD or Win PE disc, with no HDD connected. In that scenario, one is essentially bulletproof.
ESR is designed specifically for corporations, universities and other large organizations so they can test and validate specific web apps and extensions on a staggered release schedule before pushing major versions to their users. That's it's reason for being. It's not designed for regular end users and isn't intended to stay on a specific version of Firefox indefinitely.
As for legacy vs web extensions, we're agnostic. Legacy extensions are dropped with Firefox 57 in October. Some people are using Firefox 45 ESR now for specific testing reasons. But that gets no more security patches after June.
Using a live CD doesn't fully protect you. Remote code execution could allow a site to inject and run a process in your local session that then monitors every site, login, and password you use from that point on until reboot. And it often happens via 3rd party javascript (ads, stats, CDN hosting of common libraries, etc) so even only going to trusted sites doesn't protect you. So, while a live CD protects you from some things, it doesn't protect you from others.
In the end, all of this is beside the point. Firefox has their public schedule of ESR and how it works as well as when legacy extensions go away. We have our public schedule of when each ESR release is updated. They'll be followed. If you wish to make the case that legacy extensions should be kept, please contact Mozilla. We have no control over it. Realistically, no one with any control over it will read anything any of us post here.
Sometimes, the impossible can become possible, if you're awesome!
Also, while there are none in the wild (that have been discovered yet), proof of concept malicious software has been created that can write itself to the RAM in your BIOS chip.
Thus every OS you would run after infection would be potentially in danger, and no antivirus, firewall, or sandbox can help you.
It's already available here: https://portableapps.com/apps/internet/firefox_portable/legacy
It was made in exception to the standard ESR policies due to the nature of this split: https://portableapps.com/support/firefox_portable#esr
I don't personally recommend using it as it will only get security patches for 43 more days.
Sometimes, the impossible can become possible, if you're awesome!
That's what I was looking for, thanks.
I couldn't find it using Google and 45.8.0 is the last one I saw at Source Forge.
I'm using it for the ScrapBookX addon to clean webpages before saving them. Haven't found a better alternative for this purpose.
Firefox 57 will only run WebExtensions anyway so I needed a smaller version to run the addon, but with recent security updates.
I'd suggest sticking with stable for now. Firefox 57 doesn't land until November. Firefox 45 will be long-since insecure by then. If the extension you want to use isn't updated by November, you could always make alternate plans at that point. And you can sync data between multiple instances of Firefox (including multiple portable instances) using Firefox Sync to make life easier.
If you were browsing SourceForge for the 45 legacy build, it's under the Firefox legacy folders instead of ESR.
Sometimes, the impossible can become possible, if you're awesome!
I thought the ESR concept was a very good one. Why is it gong away ?
As I've noted before, if & when the ability to use key extensions I consider vital go away, that's when I'll be done with FF. They are a preponderance of the reason why I use any incarnation of FF in the first place. The browsing security thing is much over-hyped, in my opinion: there are a number of other counter-measures one can employ. Sandboxie, Shadow Defender, etc. At the far end of that curve, if I was truly concerned but still determined to proceed with possibly risky browsing, I could run a Linux Live-CD or Win PE disc, with no HDD connected. In that scenario, one is essentially bulletproof.
ESR continues as it always has according to a staggered release schedule: https://www.mozilla.org/en-US/firefox/organizations/faq/
ESR Portable follows a very specific schedule as outlined here: https://portableapps.com/support/firefox_portable#esr
ESR is designed specifically for corporations, universities and other large organizations so they can test and validate specific web apps and extensions on a staggered release schedule before pushing major versions to their users. That's it's reason for being. It's not designed for regular end users and isn't intended to stay on a specific version of Firefox indefinitely.
As for legacy vs web extensions, we're agnostic. Legacy extensions are dropped with Firefox 57 in October. Some people are using Firefox 45 ESR now for specific testing reasons. But that gets no more security patches after June.
Using a live CD doesn't fully protect you. Remote code execution could allow a site to inject and run a process in your local session that then monitors every site, login, and password you use from that point on until reboot. And it often happens via 3rd party javascript (ads, stats, CDN hosting of common libraries, etc) so even only going to trusted sites doesn't protect you. So, while a live CD protects you from some things, it doesn't protect you from others.
In the end, all of this is beside the point. Firefox has their public schedule of ESR and how it works as well as when legacy extensions go away. We have our public schedule of when each ESR release is updated. They'll be followed. If you wish to make the case that legacy extensions should be kept, please contact Mozilla. We have no control over it. Realistically, no one with any control over it will read anything any of us post here.
Sometimes, the impossible can become possible, if you're awesome!
Also, while there are none in the wild (that have been discovered yet), proof of concept malicious software has been created that can write itself to the RAM in your BIOS chip.
Thus every OS you would run after infection would be potentially in danger, and no antivirus, firewall, or sandbox can help you.