diff --git a/extra/firefox/checksums b/extra/firefox/checksums
index 24dc67f5..c5339e97 100644
--- a/extra/firefox/checksums
+++ b/extra/firefox/checksums
@@ -2,7 +2,7 @@
 6484da1d65744d0867ba3fb5e008bd32a1c17d9234a05225206f334f6f46909526
 3e4e722acd2ab2e38a16ec23b29296318d77cc54f034d4b21d91bde085e26bc0a3
 49e95cf848c09df618587bb8286bed3ed9531e24554b9ef275f070201078dba7f5
-1d235adaadc4c41092128986f7f4b239d00dc4a0f4377f7aa73d11e097ce8d4117
+9207f7b9aaaeaa7e55b07e8a723f34413f7436404a2c161751e92bf785dffdaa90
 8c0f419eb138061e67dbe2ac73e9c8332649fb90aacb57ac4f00d5de94c0cf23a8
 f65906c4942c676d93d12a5dfd4061e5a14981514ac58ee8d1a67e6724bcaf230a
 1cace7c18c7d80b4abe8665d5ec2c66a0f3c1807ff3f7c8311b925f8ed635037f0
diff --git a/extra/firefox/patches/musl-sandbox.patch b/extra/firefox/patches/musl-sandbox.patch
index 7fa69da9..89f6d4f5 100644
--- a/extra/firefox/patches/musl-sandbox.patch
+++ b/extra/firefox/patches/musl-sandbox.patch
@@ -1,22 +1,25 @@
-diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
-index a3b70e7..e5e604f 100644
+make SYS_fork non-fatal, musl uses it for fork(2)
+
 --- a/security/sandbox/linux/SandboxFilter.cpp
 +++ b/security/sandbox/linux/SandboxFilter.cpp
-@@ -1595,6 +1595,11 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
+@@ -1253,6 +1253,10 @@
+         // usually do something reasonable on error.
        case __NR_clone:
          return ClonePolicy(Error(EPERM));
- 
-+#  ifdef __NR_fork
++#ifdef __NR_fork
 +      case __NR_fork:
 +        return Error(ENOSYS);
-+#  endif
-+
++#endif
+ 
  #  ifdef __NR_fadvise64
        case __NR_fadvise64:
-         return Allow();
-@@ -1736,10 +1741,10 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {
-         return Allow();
-       case __NR_sched_get_priority_min:
+
+upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1657849
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+index ed958bc..9824433 100644
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -1751,6 +1751,6 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {
        case __NR_sched_get_priority_max:
 +      case __NR_sched_setscheduler:
          return Allow();
@@ -25,5 +28,14 @@ index a3b70e7..e5e604f 100644
 -      case __NR_sched_setscheduler: {
 +      case __NR_sched_getscheduler: {
          Arg<pid_t> pid(0);
-         return If(pid == 0, Allow()).Else(Trap(SchedTrap, nullptr));
+@@ -1926,3 +1926,2 @@ class RDDSandboxPolicy final : public SandboxPolicyCommon {
+       case __NR_sched_getscheduler:
+-      case __NR_sched_setscheduler:
+       case __NR_sched_getattr:
+@@ -1932,2 +1931,5 @@ class RDDSandboxPolicy final : public SandboxPolicyCommon {
        }
++      // sched_setscheduler gets special treatment here (bug 1657849):
++      case __NR_sched_setscheduler:
++        return Allow();
+ 
+