diff --git a/.firefox.metadata b/.firefox.metadata
index 47dd99d..21b1f96 100644
--- a/.firefox.metadata
+++ b/.firefox.metadata
@@ -1,6 +1,6 @@
 18a8f30a0356c751b8d0ea6f76e764cab13ee046 SOURCES/Python-2.7.13.tar.xz
-efe1e11501ff3d30b96ece94f6a73e21f31f28c9 SOURCES/firefox-60.2.2esr.source.tar.xz
-6b8cc9281137b633d377c5ea1e9aca3afa27f2f1 SOURCES/firefox-langpacks-60.2.2esr-20181002.tar.xz
+bac0745b6abdd5887ec0a46041a8252c344cdc64 SOURCES/firefox-60.3.0esr.source.tar.xz
+a744c490b8bac8f14a4f3d9513731ed58004f30a SOURCES/firefox-langpacks-60.3.0esr-20181019.tar.xz
 6724218efbb1f3fa14541cb2f255970b98446a45 SOURCES/firefox-symbolic.svg
 0de63f863b158454b9429234b52ed28a397ec45c SOURCES/gtk3-private-3.22.26-1.el6.src.rpm
 e188ab1a444697bc649e223c28389d82ca94c472 SOURCES/libffi-3.0.13-18.el7_3.src.rpm
diff --git a/.gitignore b/.gitignore
index 4936acf..5426600 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 SOURCES/Python-2.7.13.tar.xz
-SOURCES/firefox-60.2.2esr.source.tar.xz
-SOURCES/firefox-langpacks-60.2.2esr-20181002.tar.xz
+SOURCES/firefox-60.3.0esr.source.tar.xz
+SOURCES/firefox-langpacks-60.3.0esr-20181019.tar.xz
 SOURCES/firefox-symbolic.svg
 SOURCES/gtk3-private-3.22.26-1.el6.src.rpm
 SOURCES/libffi-3.0.13-18.el7_3.src.rpm
diff --git a/README.debrand b/README.debrand
deleted file mode 100644
index 01c46d2..0000000
--- a/README.debrand
+++ /dev/null
@@ -1,2 +0,0 @@
-Warning: This package was configured for automatic debranding, but the changes
-failed to apply.
diff --git a/SOURCES/firefox-mozconfig b/SOURCES/firefox-mozconfig
old mode 100755
new mode 100644
diff --git a/SOURCES/mozilla-1475775-key3-revert.patch b/SOURCES/mozilla-1475775-key3-revert.patch
new file mode 100644
index 0000000..5ab7cbc
--- /dev/null
+++ b/SOURCES/mozilla-1475775-key3-revert.patch
@@ -0,0 +1,66 @@
+diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
+--- a/security/manager/ssl/nsNSSComponent.cpp
++++ b/security/manager/ssl/nsNSSComponent.cpp
+@@ -1654,6 +1654,51 @@
+   }
+   return AttemptToRenamePKCS11ModuleDB(profilePath, sqlModuleDBFilename);
+ }
++
++// When we changed from the old dbm database format to the newer sqlite
++// implementation, the upgrade process left behind the existing files. Suppose a
++// user had not set a password for the old key3.db (which is about 99% of
++// users). After upgrading, both the old database and the new database are
++// unprotected. If the user then sets a password for the new database, the old
++// one will not be protected. In this scenario, we should probably just remove
++// the old database (it would only be relevant if the user downgraded to a
++// version of Firefox before 58, but we have to trade this off against the
++// user's old private keys being unexpectedly unprotected after setting a
++// password).
++// This was never an issue on Android because we always used the new
++// implementation.
++static void
++MaybeCleanUpOldNSSFiles(const nsACString& profilePath)
++{
++  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
++  if (!slot) {
++    return;
++  }
++  // Unfortunately we can't now tell the difference between "there already was a
++  // password when the upgrade happened" and "there was not a password but then
++  // the user added one after upgrading".
++  bool hasPassword = PK11_NeedLogin(slot.get()) &&
++                     !PK11_NeedUserInit(slot.get());
++  if (!hasPassword) {
++    return;
++  }
++  nsCOMPtr<nsIFile> dbFile = do_CreateInstance("@mozilla.org/file/local;1");
++  if (!dbFile) {
++    return;
++  }
++  nsresult rv = dbFile->InitWithNativePath(profilePath);
++  if (NS_FAILED(rv)) {
++    return;
++  }
++  NS_NAMED_LITERAL_CSTRING(keyDBFilename, "key3.db");
++  rv = dbFile->AppendNative(keyDBFilename);
++  if (NS_FAILED(rv)) {
++    return;
++  }
++  // Since this isn't a directory, the `recursive` argument to `Remove` is
++  // irrelevant.
++  Unused << dbFile->Remove(false);
++}
+ #endif // ifndef ANDROID
+ 
+ // Given a profile directory, attempt to initialize NSS. If nocertdb is true,
+@@ -1685,6 +1730,9 @@
+   SECStatus srv = ::mozilla::psm::InitializeNSS(profilePath, false, !safeMode);
+   if (srv == SECSuccess) {
+     MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized NSS in r/w mode"));
++#ifndef ANDROID
++    MaybeCleanUpOldNSSFiles(profilePath);
++#endif // ifndef ANDROID
+     return NS_OK;
+   }
+ #ifndef ANDROID
+
diff --git a/SPECS/firefox.spec b/SPECS/firefox.spec
index 1a8ff00..dc6c20d 100644
--- a/SPECS/firefox.spec
+++ b/SPECS/firefox.spec
@@ -23,6 +23,11 @@
 %global use_rustts        1
 %global dts_version       7
 %global rst_version       7
+%global llvm_version      7
+%if 0%{?rhel} == 8
+%global rst_version       1.26
+%global llvm_version      6.0
+%endif
 
 # Use system cairo?
 %global system_cairo      0
@@ -122,7 +127,7 @@
 
 Summary:        Mozilla Firefox Web browser
 Name:           firefox
-Version:        60.2.2
+Version:        60.3.0
 Release:        1%{?pre_tag}%{?dist}
 URL:            https://www.mozilla.org/firefox/
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
@@ -135,7 +140,7 @@ ExclusiveArch:  i686 x86_64 ppc64 s390x
 
 Source0:        https://hg.mozilla.org/releases/mozilla-release/archive/firefox-%{version}%{?pre_version}.source.tar.xz
 %if %{build_langpacks}
-Source1:        firefox-langpacks-%{version}%{?pre_version}-20181002.tar.xz
+Source1:        firefox-langpacks-%{version}%{?pre_version}-20181019.tar.xz
 %endif
 Source10:       firefox-mozconfig
 Source12:       firefox-redhat-default-prefs.js
@@ -189,6 +194,8 @@ Patch402:        mozilla-1196777.patch
 Patch406:        mozilla-256180.patch
 Patch413:        mozilla-1353817.patch
 Patch415:        mozilla-1436242.patch
+# Removing this patch could lead to deletion of passwords from user profile!
+Patch416:        mozilla-1475775-key3-revert.patch
 
 # Debian patches
 
@@ -239,18 +246,18 @@ BuildRequires:  devtoolset-%{dts_version}-gcc-c++
 BuildRequires:  devtoolset-%{dts_version}-gcc
 BuildRequires:  devtoolset-%{dts_version}-binutils
 BuildRequires:  devtoolset-%{dts_version}-libatomic-devel
-%if 0%{?rhel} > 6
-BuildRequires:  llvm-toolset-%{dts_version}
-BuildRequires:  llvm-toolset-%{dts_version}-llvm-devel
+%if 0%{?rhel} == 7
+BuildRequires:  llvm-toolset-%{llvm_version}
+BuildRequires:  llvm-toolset-%{llvm_version}-llvm-devel
 %endif
 %endif
 %if 0%{?use_rustts}
 BuildRequires:  rust-toolset-%{rst_version}-cargo
-BuildRequires:  rust-toolset-%{rst_version}-rust
+BuildRequires:  rust-toolset-%{rst_version}-rust >= 1.24
 %endif
 %if 0%{?rhel} == 8
-BuildRequires:  llvm-toolset-%{dts_version}
-BuildRequires:  llvm-toolset-%{dts_version}-llvm-devel
+BuildRequires:  llvm-toolset-%{llvm_version}
+BuildRequires:  llvm-toolset-%{llvm_version}-llvm-devel
 %endif
 %if 0%{?use_bundled_python}
 #%if 0%{?rhel} == 6
@@ -404,6 +411,7 @@ This package contains results of tests executed during build.
 # This needs to stay for the future releases
 %if 0%{?rhel} < 8
 %patch230 -p1 -b .1503632-nss
+%patch416 -R -p1 -b .1475775-key3-revert
 %endif
 
 #ARM run-time patch
@@ -416,6 +424,7 @@ This package contains results of tests executed during build.
 %patch413 -p1 -b .1353817
 %patch415 -p1 -b .1436242
 
+
 # Patch for big endian platforms only
 %if 0%{?big_endian}
 %patch26 -p1 -b .icu
@@ -1142,6 +1151,12 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 #---------------------------------------------------------------------
 
 %changelog
+* Fri Oct 19 2018 Jan Horak <jhorak@redhat.com> - 60.3.0-1
+- Update to 60.3.0 ESR
+
+* Wed Oct 10 2018 Jan Horak <jhorak@redhat.com> - 60.2.2-2
+- Added patch for rhbz#1633932
+
 * Tue Oct  2 2018 Jan Horak <jhorak@redhat.com> - 60.2.2-1
 - Update to 60.2.2 ESR