From ce2e2df10f08147511f73474258b5bc4bba6de6f Mon Sep 17 00:00:00 2001
From: Tomas Volf <~@wolfsden.cz>
Date: Tue, 7 Apr 2026 17:35:46 +0200
Subject: nongnu: firefox-esr: Update to 140.9.1esr [security fixes].

Fixes CVE-2026-5731, CVE-2026-5732, CVE-2026-5734.

* nongnu/packages/mozilla.scm (firefox-esr): Update to 140.9.1esr.

Signed-off-by: Hilton Chain <hako@ultrarare.space>
---
 nongnu/packages/mozilla.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'nongnu')

diff --git a/nongnu/packages/mozilla.scm b/nongnu/packages/mozilla.scm
index 5c0400f..6376df6 100644
--- a/nongnu/packages/mozilla.scm
+++ b/nongnu/packages/mozilla.scm
@@ -88,19 +88,19 @@
 
 ;; Update this id with every firefox update to its release date.
 ;; It's used for cache validation and therefore can lead to strange bugs.
-(define %firefox-esr-build-id "20260323123835")
+(define %firefox-esr-build-id "20260407093607")
 
 (define-public firefox-esr
   (package
     (name "firefox-esr")
-    (version "140.9.0esr")
+    (version "140.9.1esr")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://archive.mozilla.org/pub/firefox/releases/"
                            version "/source/firefox-" version ".source.tar.xz"))
        (sha256
-        (base32 "0b79x61w51fjf12p5sr9pipg4b3fjdnbsg0j20fdai3jq6jb4wmr"))
+        (base32 "1hld2kbzvrmr7pqq0r5hw639xl8kw29lm2hsbn0m4kxang1fdlj5"))
        (patches
         (nongnu-patches
          "firefox-restore-desktop-files.patch"
-- 
cgit v1.3