Slow adoption of security updates of Firefox in Fedora Linux

In both Fedora 43 and Fedora 44 the current version of Firefox is now 150.0. And for some unknown reason it took an extremely long time to push the already tested package of Firefox 150.0 into the stable repo of Fedora 43:

Firefox 150.0 was released by Mozilla on April 21. Fedora 43 has had it in stable since May 4.

After 150.0, Mozilla released two additional patch-level releases with fixes for several high-level and critical security vulnerabilities:

Firefox 150.0.1 was released by Mozilla on April 28. Fedora 43 and 44 currently have it in testing.

Firefox 150.0.2 was released by Mozilla on May 7. Fedora doesn’t have any build of it as yet.

Fortunately, the Mozilla Project makes their own builds of Firefox and of additional language packs for Firefox, including ones packaged as RPMs, and they also have a DNF5-compatible repo:

What are the differences between their builds and Fedora builds of Firefox? What are the pros and cons of switching to Mozilla builds, and what is the right way of doing it? Just replacing the firefox and firefox-langpacks packages of Fedora with Mozilla’s alternatives, or something more? I’m asking because now Bodhi always brings a newer Firefox together with newer nss packages.

Am also interested in this.

I have yet to give it a try, but shouldn’t the --set=priority=10 part do the trick? From the dnf5 documentation:

For reference:

I have yet to give it a try, but shouldn’t the --set=priority=10 part do the trick?

It definitely does, but my question was about nss* packages.

Ah, I see now. I tried enabling Mozilla’s repo, and running dnf5 --repo=mozilla repoquery --files firefox; here are some of the files:

/usr/lib/firefox/libnss3.so
/usr/lib/firefox/libnssutil3.so
/usr/lib/firefox/libsmime3.so
/usr/lib/firefox/libssl3.so

Looks like their Firefox RPM includes all the required NSS libraries.

Did you try to install it instead of Fedora’s Firefox? Does it work properly?

BTW, another patch-level update of Firefox 150.0.x was released today with more security issues resolved:

One of those issues is interesting (quote from the release notes):

Fixed an issue where characters entered into password fields could appear unmasked in print preview and printed pages. (Bug 2037803)

This time @stransky reacted quickly and 150.0.3 is already in pending testing status:
https://bodhi.fedoraproject.org/updates/?packages=firefox

Thank you Martin!


There is a potential issue in that new Fedora package of Firefox 150.0.3:

https://bodhi.fedoraproject.org/updates/FEDORA-2026-4542b2d7aa#comment-4643774

I did, and it seemed to work just fine (at a glance), though I ended up removing it in favor of the official Flatpak.

Yeah, see this topic for context:

There are no newer versions for F42–44 in stable yet, if that’s what you mean.