Subject: CVS commit: pkgsrc/www/firefox
From: Ryo ONODERA
Date: 2023-12-31 10:03:56
Message id: 20231231090356.3F8EDFA42@cvs.NetBSD.org

Log Message:
firefox: Update to 121.0

* CXXFLAGS has all CFLAGS values. Remove duplicated CXXFLAGS.

Changelog:
121.0
New

  * Firefox now prompts Windows users to install the Microsoft AV1 Video
    Extension to enable hardware decoding support for the AV1 video codec from
    about:support if not already installed.

  * Firefox now supports Voice Control commands on macOS systems.

  * On Linux, Firefox now defaults to the Wayland compositor when available
    instead of XWayland. This brings support for touchpad & touchscreen
    gestures, swipe-to-nav, per-monitor DPI settings, better graphics
    performance, and more.

    Note that due to Wayland protocol limitations, Picture-in-Picture windows
    require an extra user interaction (generally right-click on the window) or
    a shell / desktop-environment tweak. See bug 1621261 for related discussion
    and tracking, this post for a KDE configuration, and this extension for
    GNOME. It is also a known issue that windows are not correctly placed when
    restoring a previous session on launch.

  * Firefox can now force links to always be underlined. This option can be
    enabled in the Browsing section of the Firefox Settings menu.

  * The PDF viewer now includes a floating button to simplify deleting
    drawings, text, and images added in PDFs.

Fixed

  * Various security fixes.

  * Ubuntu Firefox Snap builds did not default to Wayland compositing on some
    systems as expected when Firefox 121 was first released. This is now fixed
    and updated builds can be installed with the Ubuntu Software Updater.

Security fixes:
Mozilla Foundation Security Advisory 2023-56
#CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced
 method with Mesa VM driver
#CVE-2023-6135: NSS susceptible to "Minerva" attack
#CVE-2023-6865: Potential exposure of uninitialized data in
 EncryptingOutputStream
#CVE-2023-6857: Symlinks may resolve to smaller than expected buffers
#CVE-2023-6858: Heap buffer overflow in nsTextFragment
#CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer
#CVE-2023-6866: TypedArrays lack sufficient exception handling
#CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture
 validation
#CVE-2023-6867: Clickjacking permission prompts using the popup transition
#CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in
 headless mode
#CVE-2023-6868: WebPush requests on Firefox for Android did not require VAPID
 key
#CVE-2023-6869: Content can paint outside of sandboxed iframe
#CVE-2023-6870: Android Toast notifications may obscure fullscreen event
 notifications
#CVE-2023-6871: Lack of protocol handler warning in some instances
#CVE-2023-6872: Browsing history leaked to syslogs via GNOME
#CVE-2023-6863: Undefined behavior in ShutdownObserver()
#CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and
 Thunderbird 115.6
#CVE-2023-6873: Memory safety bugs fixed in Firefox 121

Files:
Revision  Action  file
1.584     modify  pkgsrc/www/firefox/Makefile
1.518     modify  pkgsrc/www/firefox/distinfo
1.273     modify  pkgsrc/www/firefox/mozilla-common.mk
1.14      modify  pkgsrc/www/firefox/files/node-wrapper.sh