OpenBSD announces that Firefox is too complex to package on a stable branch due to the dependencies of cbindgen and rust, and that doing so will require testing all rust consumers. Therefore, the branch of OpenBSD 6.6 Stable will not receive updates from www/mozilla-firefox.
Firefox 72 was released just a few days ago, and the day after its release, Mozilla made an emergency fix for the critical vulnerability MFSA2020-03 and released Firefox 72.0.1. OpenBSD 6.6’s inability to receive Firefox updates also means that users are still vulnerable to vulnerabilities.
OpenBSD, on the other hand, indicates that firefox-esr is still being updated normally, and it is recommended that users running 6.6 Stable switch to firefox-esr. Firefox ESR, an extended support version, is a full version of Firefox developed specifically for large institutions such as universities or companies that can help these organizations deploy and maintain Firefox on a large scale.
If you are still running OpenBSD 6.5, you should upgrade to OpenBSD 6.6 first. This release was released in October 2019 and is currently the latest stable release.
OpenBSD-current users are not affected, and the www/mozilla-firefox update has been submitted and will soon be available on the image.