:: detour to raw logs, followed by look at headers ::

Very few “jaunty”, all blocked for various reasons including but not limited to env=old_firefox (self-explanatory). In my case, one FF/51, the rest all FF/3.something. That's reason enough to block, isn't it?

Went back 16 months (latest "collection") and nary a sign. But will keep an eye out! Thanks!

Firefox/3.x is definitely one to block regardless if there's any history or not, imo. :)

My office computer at $dayjob runs Windows 98 (with KernelEx enhancements). I also run a modified FF 2.0 (retroZilla) that allows me to access pretty much any website I want (even if I have to turn off style sheets). Various versions FF 3 are more popular and allow more functionality than FF2. The forums at MSFN.org have lots of people running legacy windows and lots of projects there that allow enhanced functionality of older / modified versions of lots of different software packages, browsers, etc.

You should reconsider blocking old versions of FF. There are a select few older versions of FF (but numerically much higher than 2 or 3) that I've seen being used persistently by bots.

even if I have to turn off style sheets

Explain this, please. Requesting stylesheets--specifically /errorstyles.css (self-explanatory)--is the #1 way I identify inadvertently blocked humans.

:; quick trip to raw logs ::

Since January 2022 I have never seen a legitimate css request from a Firefox/3. user-agent. I specificy “legitimate” because
/administration/ac-admin/css/admin-calendar.css
(with no other requests) is clearly illegitimate. (I originally used another word, but Word Filters is just too genteel.)

My website doesn't have any .css files. To render any page on my site, a bunch of .gif's is needed to render the page. If all I see being requested are .html files, that tells me a human eyeball is not at the other end looking at my site. Or if I see requests for files I don't have (ie the usual WP login files or other junk) then obviously that's a bot.

Regarding the OP's original observation of jaunty and that Russian IP: I have 179.60.144.0/22 in my block (and don't log) router drop list, so it's among the worst IP offenders.

I've seen "jaunty" show up from about 25 unique IP's from 2015 through 2018, and none since then. These are the UA's I've seen:

Mozilla/5.0 (X11; U; Linux i686; en-US, rv:1.9.0.16) Gecko/2009121601 Ubuntu/9.04 (jaunty) Firefox/3.0.16
Mozilla/5.0 (X11; U; Linux i686; it-IT; rv,1.9.0.2) Gecko/2008092313 Ubuntu/9.25 (jaunty) Firefox/3.8
Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv,1.9.0.15) Gecko/2009102815 Ubuntu/9.04 (jaunty) Firefox/3.0.15
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv,1.9.1.1) Gecko/20090716 Ubuntu/9.04 (jaunty) Shiretoko/3.5.1

This is what they asked for:

/wp-login.php
/blog/wp-login.php
/wordpress/wp-login.php

My side I keep it simple. Since I don't WP anything, any requests are all denied. Don't worry about UA or bot or humans.

YMMV