Absent of that, portable Firefox would work if for some reason some user doesn't want the update that allows SHA256 hash code signing.
For those that don't know. SHA256 (pronounced shaw 256) is a cryptographic hash of data. This hash is a long sting of 64 hexadecimal (A-F - 0-9 ) characters. These unique characters can identify data and ONLY that data. So, if you compute a SHA256 hash for a file using something like HashTools, that file in its current form will have a unique hash to it and none other. If only one stickin' bit of data is changed, the whole damn hash value changes. This is why VirusTotal uses SHA256 and so does cryptocurrency like Bitcoin et al. If you could crack SHA256, you just become a multi billionaire in the cryptocurrency department to say the least...
Since SHA256 creates such a unique string of characters, using it for code signing installers means it has verification purposes in an effort to thwart a forgery.
Your IoT (Internet of Things) devices like a smart speaker, wireless camera, fridge, etc or perhaps even your router firmware updates? They all seldom lack code signing which means a hacker can replace the firmware at will and take control... Now all these devices can be controlled for various purposes. One is for massive DDoS (Distributed Denial of Service) purposes. Hacked routers means a hacker can use your router as a stepping stone so there's no trace back to them.
It'll take an act of congress to make sure these things have code signing as a legal requirement among some other basic, non over reaching approaches that need to be law. I'd consult a consortium of IT and white hack, ethical hackers...
SIdenote: There's also SHA512. Guess how many characters in this string? If you said 128 you are correct.
Further reading:
Whirlpool (hash function) - Wikipedia
bcrypt - Wikipedia
Argon2 - Wikipedia
hash - Best practice for hashing passwords - SHA256 or SHA512? - Stack Overflow