From 2d896249837112122725fd2642b2cbd88326d671 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Tue, 2 Nov 2021 23:40:02 +0100
Subject: [PATCH] firefox-esr-78: mark as vulnerable

This is a browser, the 78 ESR series is end of life, so we can expect
this browser to be a security vulnerability any day.

Recommend everyone to move to ESR 91.
---
 pkgs/applications/networking/browsers/firefox/packages.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix
index 23126d1eec0..ae27cf85f6c 100644
--- a/pkgs/applications/networking/browsers/firefox/packages.nix
+++ b/pkgs/applications/networking/browsers/firefox/packages.nix
@@ -73,6 +73,9 @@ rec {
       badPlatforms = lib.platforms.darwin;
       broken = stdenv.buildPlatform.is32bit; # since Firefox 60, build on 32-bit platforms fails with "out of memory".
                                              # not in `badPlatforms` because cross-compilation on 64-bit machine might work.
+      knownVulnerabilities = [
+        "Firefox ESR 78 has reached its end of life. Migrate to Firefox ESR 91 (`firefox-esr` or `firefox-esr-91`)."
+      ];
       license = lib.licenses.mpl20;
     };
     tests = [ nixosTests.firefox-esr-78 ];