Contributed byJanne Johanssonon
Solene @ writes:
Dear OpenBSD users, due to Firefox being too complicated to package (thanks to cbindgen and rust dependencies) on the stable branch (as this would require testing all rust consumers), the 6.6-stable branch won’t receive updates for www / mozilla- firefox, so it will remain vulnerable toMFSA 20200109141600 –and vulnerabilities that may appear after.
On the other hand, firefox-esr is still updated so I recommend switching to firefox-esr if you are running 6.6-stable.
If you run OpenBSD 6.5, you should upgrade to OpenBSD 6.6 to get the benefit from packages updates.
OpenBSD-current users are not affected, www / mozilla-firefox update is alreadycommittedand will be available soon on the mirrors.