diff --git a/download b/download
index 95a9f137a5ecaf839b69a629b618784565e3cbec..671c3b802153a79fb9195f425589371e7fe1b224 100644
--- a/download
+++ b/download
@@ -1,4 +1,5 @@
-c9b54b9d49c18146a3aada80bc8de65f  firefox-140.5.0esr.source.tar.xz
+b3c1d2ea615cb0195f4f62b005773262  mochitest-python.tar.gz
 439c7c2acf5cfd4d730f4c6b14fd10ce  firefox-langpacks-140.5.0esr.tar.xz
 67056dedd58324bc0f08727400bb5273  cbindgen-vendor.tar.xz
 b3c1d2ea615cb0195f4f62b005773262  mochitest-python.tar.gz
+b3c1d2ea615cb0195f4f62b005773262  mochitest-python.tar.gz
\ No newline at end of file
diff --git a/firefox.spec b/firefox.spec
index b489b60c5900a2d37000384e3dc128acb0b4d795..2ed8c110effb8604de7ead6b9d9aa14efc4b0135 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -1573,6 +1573,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 
 #---------------------------------------------------------------------
 %changelog
+* Thu Dec 04 2025 tomcruiseqi <tomcruiseqi@inspur.com> - 140.5.0esr-1
+- Update to 140.5.0esr
+- Fix CVE-2024-42459, CVE-2021-29985, CVE-2022-25315, CVE-2025-11153, CVE-2025-11152, CVE-2025-9187, CVE-2025-8043, CVE-2025-8040, CVE-2025-8037
+
 * Fri Nov 14 2025 wenxin <wx02272781@alibaba-inc.com> - 140.5.0-1
 - update to 140.5.0
 - fix CVE-2025-13012, CVE-2025-13013, CVE-2025-13014, CVE-2025-13015,