From ef5587fc8804c52cdc00fdd1d33eadb53bcdc332 Mon Sep 17 00:00:00 2001
From: Tomas Volf <~@wolfsden.cz>
Date: Tue, 9 Dec 2025 23:57:28 +0100
Subject: nongnu: firefox-esr: Update to 140.6.0esr [security fixes].

Fixes CVE-2025-13012, CVE-2025-13013, CVE-2025-13014, CVE-2025-13015,
CVE-2025-13016, CVE-2025-13017, CVE-2025-13018, CVE-2025-13019,
CVE-2025-13020, CVE-2025-14321, CVE-2025-14322, CVE-2025-14323,
CVE-2025-14324, CVE-2025-14325, CVE-2025-14328, CVE-2025-14329,
CVE-2025-14330, CVE-2025-14331, CVE-2025-14333.

* nongnu/packages/mozilla.scm (firefox-esr): Update to 140.6.0esr.

Signed-off-by: Jonathan Brielmaier <jonathan.brielmaier@web.de>
---
 nongnu/packages/mozilla.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'nongnu')

diff --git a/nongnu/packages/mozilla.scm b/nongnu/packages/mozilla.scm
index e25e64f..a71c6f0 100644
--- a/nongnu/packages/mozilla.scm
+++ b/nongnu/packages/mozilla.scm
@@ -87,19 +87,19 @@
 
 ;; Update this id with every firefox update to its release date.
 ;; It's used for cache validation and therefore can lead to strange bugs.
-(define %firefox-esr-build-id "20251013122101")
+(define %firefox-esr-build-id "20251208132959")
 
 (define-public firefox-esr
   (package
     (name "firefox-esr")
-    (version "140.4.0esr")
+    (version "140.6.0esr")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://archive.mozilla.org/pub/firefox/releases/"
                            version "/source/firefox-" version ".source.tar.xz"))
        (sha256
-        (base32 "1xx4rsdkfkx9nxlfzw07j5di07kfqi0a7jplcixvqihh2xrhdwj9"))
+        (base32 "1jadc0ynq49zcqd7ix9nxlrqy5gfhm61p7yliwy068bma2mwjdbc"))
        (patches
         (map (lambda (patch)
                (search-path
-- 
cgit v1.2.3