diff --git a/firefox.spec b/firefox.spec
index b36744115b415e4692ffa0e4a4d437bd787bd710..901a7c0606394d059daebc84dea4069c8c1df4e1 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -68,11 +68,11 @@
 %global __provides_exclude_from ^%{mozappdir}
 %global __requires_exclude ^(%%(find %{buildroot}%{mozappdir} -name '*.so' | xargs -n1 basename | sort -u | paste -s -d '|' -))
 
-%global langpacks_date 20260330
+%global langpacks_date 20260429
 
 Summary:        Mozilla Firefox Web browser
 Name:           firefox
-Version:        140.9.0
+Version:        140.10.0
 Release:        1%{?dist}
 URL:            https://www.mozilla.org/firefox/
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
@@ -765,6 +765,15 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %{_datadir}/applications/firefox-x11.desktop
 
 %changelog
+* Wed Apr 29 2026 Doris Chao <doriscchao@tencent.com> - 140.10.0-1
+- [Type] security
+- [DESC] Update to version 140.10.0esr to fix CVEs, including CVE-2026-6746, CVE-2026-6747,
+- CVE-2026-6748, CVE-2026-6749, CVE-2026-6750, CVE-2026-6751, CVE-2026-6752, CVE-2026-6753,
+- CVE-2026-6754, CVE-2026-6757, CVE-2026-6759, CVE-2026-6761, CVE-2026-6762, CVE-2026-6763,
+- CVE-2026-6764, CVE-2026-6765, CVE-2026-6766, CVE-2026-6767, CVE-2026-6769, CVE-2026-6770,
+- CVE-2026-6771, CVE-2026-6772, CVE-2026-6776, CVE-2026-6785, CVE-2026-6786, CVE-2026-5731,
+- CVE-2026-5732 and CVE-2026-5734.
+
 * Mon Mar 30 2026 Doris Chao <doriscchao@tencent.com> - 140.9.0-1
 - [Type] security
 - [DESC] Update to version 140.9.0esr to fix CVEs,including CVE-2026-4684, CVE-2026-4685,
diff --git a/sources b/sources
index f0607e95bedacd2a15ec6aebfdc724466c799205..ec73de21203afb55cc4c38eed1f3010fa819c90c 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
 SHA512 (cbindgen-vendor.tar.xz) = 17b4bdb05f21917b11b78e086ebb4e7d7cc28c046ba3267c7be45380fe3e0a24a2722d71f70423365dd152beff198f8f4f41660a12cfb89c8806d2781bdfeb87
-SHA512 (firefox-langpacks-140.9.0esr-20260330.tar.xz) = 3d542c9ccae9a8f6d7232bd4947a50f210d49ecd23cfcf0f4ed7f58d65b33f06102527939ed952f83b448c9d2aab8290ac0ca0e9f616be9e671775aa1a6e69d9
-SHA512 (firefox-140.9.0esr.processed-source.tar.xz) = e391b7790e672eefcaddcd0afb82125db169cf0f9b25dff1200549c674b1d6263d590796a2fe64083ccbc592faa26eb69edac7b940d4f7e0c85508249996a765
+SHA512 (firefox-langpacks-140.10.0esr-20260429.tar.xz) = 81eba75ad55fc8b9b6370262cded371271da1e8332570cd81d78867b6ccc939356e0751559614d415b960bb6dc89c6cdd4462a9294fa090467645a4792313543
+SHA512 (firefox-140.10.0esr.processed-source.tar.xz) = e6f82f3a3b4c15063e3c43f08af2bfb5e9d38f1faeb3098bbbdf9d30eb899238850dba70adfb4acd8a05bb6499f68aa20debb394cb80f7e12b5b907cae6d302f