From 2adc732e84c0030fd214974b9379d9fd6bf35608 Mon Sep 17 00:00:00 2001
From: wenxin <wx02272781@alibaba-inc.com>
Date: Fri, 14 Nov 2025 10:28:25 +0800
Subject: [PATCH] update to 140.5.0 to fix cves

---
 download     |  4 ++--
 firefox.spec | 10 ++++++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/download b/download
index 383b5a4..95a9f13 100644
--- a/download
+++ b/download
@@ -1,4 +1,4 @@
-2a65419433afc5e1e9876078d857dceb  firefox-140.4.0esr.source.tar.xz
-5cc42aa56d70329630faf12312e13f32  firefox-langpacks-140.4.0esr.tar.xz
+c9b54b9d49c18146a3aada80bc8de65f  firefox-140.5.0esr.source.tar.xz
+439c7c2acf5cfd4d730f4c6b14fd10ce  firefox-langpacks-140.5.0esr.tar.xz
 67056dedd58324bc0f08727400bb5273  cbindgen-vendor.tar.xz
 b3c1d2ea615cb0195f4f62b005773262  mochitest-python.tar.gz
diff --git a/firefox.spec b/firefox.spec
index e0bb791..b489b60 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -60,7 +60,7 @@
 
 Summary:        Mozilla Firefox Web browser
 Name:           firefox
-Version:        140.4.0
+Version:        140.5.0
 #128.14.0
 Release:        %{anolis_release}%{?dist}
 URL:            https://www.mozilla.org/firefox/
@@ -73,7 +73,7 @@ License:        MPLv1.1 or GPLv2+ or LGPLv2+
 # Link to original tarball: https://archive.mozilla.org/pub/firefox/releases/%%{version}%%{?pre_version}/source/firefox-%%{version}%%{?pre_version}.source.tar.xz
 Source0:        https://ftp.mozilla.org/pub/firefox/releases/%{version}esr/source/firefox-%{version}esr.source.tar.xz
 %if %{with langpacks}
-Source1:        firefox-langpacks-140.4.0esr.tar.xz
+Source1:        firefox-langpacks-140.5.0esr.tar.xz
 %endif
 Source2:        cbindgen-vendor.tar.xz
 Source3:        process-official-tarball
@@ -1573,6 +1573,12 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 
 #---------------------------------------------------------------------
 %changelog
+* Fri Nov 14 2025 wenxin <wx02272781@alibaba-inc.com> - 140.5.0-1
+- update to 140.5.0
+- fix CVE-2025-13012, CVE-2025-13013, CVE-2025-13014, CVE-2025-13015,
+  CVE-2025-13016, CVE-2025-13017, CVE-2025-13018, CVE-2025-13019,
+  CVE-2025-13020
+
 * Thu Nov 06 2025 wenxin <wx02272781@alibaba-inc.com> - 140.4.0-1
 - update to 140.4.0
 - fix CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711,
-- 
Gitee