OpenBSD announced that due to the dependencies of cbindgen and rust, Firefox is too complex to package on stable branches, and doing so will require testing of all rust consumers. So the stable branch of OpenBSD 6.6 will not receive updates from www/mozilla-firefox.
Firefox 72 was just released a few days ago, and the day after it was released, Mozilla made an emergency fix for the serious vulnerability MFSA2020-03 and released the Firefox 72.0.1 version. OpenBSD 6.6’s inability to receive Firefox updates means that users are still vulnerable to Firefox flaws.
On the other hand, OpenBSD indicates that firefox-esr is still being updated normally. It is recommended that users running the stable version of 6.6 should switch to firefox-esr. Firefox ESR is the extended support version. It is the official version of Firefox specially developed for large institutions such as universities or companies. It can help these organizations deploy and maintain Firefox on a large scale.
If you are still running OpenBSD 6.5, you should still upgrade to OpenBSD 6.6 first. This version was released in October 2019 and is currently the latest stable version.
OpenBSD-current users are not affected, the www/mozilla-firefox update has been submitted and will be available on the mirror soon.