From e14a077b85ed900845ab5c43ae188109c2af9cbd Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Thu, 6 Nov 2025 15:37:45 +0800
Subject: [PATCH] update to 140.4.0 to fix cves

---
 download     | 6 +++---
 firefox.spec | 9 +++++++--
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/download b/download
index ab70c34..383b5a4 100644
--- a/download
+++ b/download
@@ -1,4 +1,4 @@
-ba93a89023a8c4d7ade167905783d875  firefox-140.3.0esr.source.tar.xz
-e4985d446d3f5de6a00c49e8175b6a87  firefox-langpacks-140.3.0esr-20250919.tar.xz
-bbd51396c9f1f79afb128af28627b207  cbindgen-vendor.tar.xz
+2a65419433afc5e1e9876078d857dceb  firefox-140.4.0esr.source.tar.xz
+5cc42aa56d70329630faf12312e13f32  firefox-langpacks-140.4.0esr.tar.xz
+67056dedd58324bc0f08727400bb5273  cbindgen-vendor.tar.xz
 b3c1d2ea615cb0195f4f62b005773262  mochitest-python.tar.gz
diff --git a/firefox.spec b/firefox.spec
index 0c4454d..e0bb791 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -60,7 +60,7 @@
 
 Summary:        Mozilla Firefox Web browser
 Name:           firefox
-Version:        140.3.0
+Version:        140.4.0
 #128.14.0
 Release:        %{anolis_release}%{?dist}
 URL:            https://www.mozilla.org/firefox/
@@ -73,7 +73,7 @@ License:        MPLv1.1 or GPLv2+ or LGPLv2+
 # Link to original tarball: https://archive.mozilla.org/pub/firefox/releases/%%{version}%%{?pre_version}/source/firefox-%%{version}%%{?pre_version}.source.tar.xz
 Source0:        https://ftp.mozilla.org/pub/firefox/releases/%{version}esr/source/firefox-%{version}esr.source.tar.xz
 %if %{with langpacks}
-Source1:        firefox-langpacks-140.3.0esr-20250919.tar.xz
+Source1:        firefox-langpacks-140.4.0esr.tar.xz
 %endif
 Source2:        cbindgen-vendor.tar.xz
 Source3:        process-official-tarball
@@ -1573,6 +1573,11 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 
 #---------------------------------------------------------------------
 %changelog
+* Thu Nov 06 2025 wenxin <wx02272781@alibaba-inc.com> - 140.4.0-1
+- update to 140.4.0
+- fix CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711,
+  CVE-2025-11712, CVE-2025-11714, CVE-2025-11715
+
 * Mon Sep 22 2025 mgb01105731 <mgb01105731@alibaba-inc.com> - 140.3.0-1
 - Update to 140.3.0 to fix CVE-2025-10527 CVE-2025-10528 CVE-2025-10533
   CVE-2025-10534 CVE-2025-10536 CVE-2025-10537 CVE-2025-10529 CVE-2025-10531
-- 
Gitee