On the Password Manager Browser Extensions page it says " Browser extensions are supported for the two most recent versions of Google Chrome, Mozilla Firefox, Opera, Microsoft Edge, and Safari. For Vivaldi, Brave, and Tor, only the most recent version is supported."
I assume that means that Firefox ESR (Extended Support Release) is not supported? In particular there could be security issues with Firefox ESR? Firefox ESR is currently on version 102.13.0 whereas Firefox is on version 115.0.3.
I contacted Customer Support. They said that Firefox ESR 115.x does have the necessary security features for Bitwarden. They said that Firefox ESR 102.x (the older branch) likely has the necessary security features for Bitwarden being as it’s used in enterprise but they didn’t have enough information on 102 to say for sure. They felt confident that Bitwarden would indeed be secure. They also recommended enabling biometrics, vault timeout, and vault timeout action for additional security.
I would only add that Firefox ESR is frozen in time. It receives timely security fixes but not any additional security features that the regular release of Firefox does. But this is always the tradeoff with Firefox ESR. You get more stability but not the latest (security) features. Firefox ESR gets version-bumped about once a year. So that’s when it will receive new (security) features.
I contacted customer support again. I got a different person this time. I asked if Firefox-esr had the necessary security features for the browser extension to be secure. They said that the security of the browser and the security of the browser extension are separate. They said that as long as the browser is supported that the browser extension will work fine. And that the security of the extension is handled by Bitwarden with encryption of the data.