diff --git a/CVE-2023-6209.patch b/CVE-2023-6209.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d774f79bc91276cfbfcc92f13416f177a29cea8e
--- /dev/null
+++ b/CVE-2023-6209.patch
@@ -0,0 +1,33 @@
+From bd28c4f6d37732480925ba56c72de8a223f9f993 Mon Sep 17 00:00:00 2001
+From: Valentin Gosu <valentin.gosu@gmail.com>
+Date: Thu, 19 Oct 2023 07:40:28 +0000 (8 months ago)
+Subject: [PATCH] CVE-2023-6209
+
+---
+ netwerk/base/nsStandardURL.cpp | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp
+index df4188b500..2c02ae59aa 100644
+--- a/netwerk/base/nsStandardURL.cpp
++++ b/netwerk/base/nsStandardURL.cpp
+@@ -2567,7 +2567,15 @@ nsStandardURL::Resolve(const nsACString& in, nsACString& out) {
+     // locate result path
+     resultPath = PL_strstr(result, "://");
+     if (resultPath) {
+-      resultPath = PL_strchr(resultPath + 3, '/');
++      // If there are multiple slashes after :// we must ignore them
++      // otherwise net_CoalesceDirs may think the host is a part of the path.
++      resultPath += 3;
++      if (protocol.IsEmpty() && Scheme() != "file") {
++        while (*resultPath == '/') {
++          resultPath++;
++        }
++      }
++      resultPath = strchr(resultPath, '/');
+       if (resultPath) {
+         net_CoalesceDirs(coalesceFlag, resultPath);
+       }
+-- 
+2.33.0
+
diff --git a/firefox.spec b/firefox.spec
index 4bdcdbb56e42fc9cba3ba9b7471cd7d508d0ad01..4202a5986989a84e4301ab7d82734da7060106bc 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -88,7 +88,7 @@
 Summary:             Mozilla Firefox Web browser
 Name:                firefox
 Version:             79.0
-Release:             23
+Release:             24
 URL:                 https://www.mozilla.org/firefox/
 License:             MPLv1.1 or GPLv2+ or LGPLv2+
 Source0:             https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
@@ -202,6 +202,7 @@ Patch658:            CVE-2020-26971.patch
 Patch659:            CVE-2021-29946.patch
 Patch660:            CVE-2022-34481.patch
 Patch661:            CVE-2020-26979.patch
+Patch662:            CVE-2023-6209.patch
 
 %if %{?system_nss}
 BuildRequires:       pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version}
@@ -398,6 +399,7 @@ tar -xf %{SOURCE3}
 %patch659 -p1
 %patch660 -p1
 %patch661 -p1
+%patch662 -p1
 
 %{__rm} -f .mozconfig
 %{__cp} %{SOURCE10} .mozconfig
@@ -846,6 +848,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %endif
 
 %changelog
+* Wed Jun 5 2024 lvfei <lvfei@kylinos.cn> - 79.0-24
+- Fix CVE-2023-6209
+
 * Wed Jun 5 2024 lvfei <lvfei@kylinos.cn> - 79.0-23
 - Fix CVE-2020-26979
 
@@ -911,7 +916,7 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 - Fix CVE-2020-15664 CVE-2020-15665 CVE-2020-15666 CVE-2020-15667
   CVE-2020-15668 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678
 
-* Thu Nov 28 2020 Jeffery.Gao <gaojianxing@huawei.com> - 79.0-3
+* Sat Nov 28 2020 Jeffery.Gao <gaojianxing@huawei.com> - 79.0-3
 - Fix firefox downgrade error
 
 * Thu Oct 29 2020 caodongxia <caodongxia@huawei.com> - 79.0-2