diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes
index 31a8c68..db9ca39 100644
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Tue Oct 30 08:18:23 UTC 2018 - wr@rosenauer.org
+
+- update to Thunderbird 60.3.0
+  * various theme fixes
+  * Shift+PageUp/PageDown in Write window
+  * Gloda attachment filtering
+  * Mailing list address auto-complete enter/return handling
+  * Thunderbird hung if HTML signature references non-existent image
+  * Filters not working for headers that appear more than once
+- Security fixes for the Mozilla platform picked up from 60.3
+  (Firefox ESR release). In general, these flaws cannot be exploited
+  through email in Thunderbird because scripting is disabled when
+  reading mail, but are potentially risks in browser or browser-like
+  contexts (MFSA 2018-28) (bsc#1112852)
+  * CVE-2018-12391 (bmo#1478843) (Android only)
+    HTTP Live Stream audio data is accessible cross-origin
+  * CVE-2018-12392 (bmo#1492823)
+    Crash with nested event loops
+  * CVE-2018-12393 (bmo#1495011)
+    Integer overflow during Unicode conversion while loading JavaScript
+  * CVE-2018-12389 (bmo#1498460, bmo#1499198)
+    Memory safety bugs fixed in Firefox ESR 60.3
+  * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
+    bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
+    bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
+    bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
+    Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
+
+-------------------------------------------------------------------
+Thu Oct 25 14:40:14 UTC 2018 - guillaume.gardet@opensuse.org
+
+- Update _constraints for armv6/7
+
+-------------------------------------------------------------------
+Thu Oct 25 08:26:12 UTC 2018 - guillaume.gardet@opensuse.org
+
+- Add patch to fix build on armv7:
+  * mozilla-bmo1463035.patch
+
+-------------------------------------------------------------------
+Thu Oct 25 08:25:52 UTC 2018 - guillaume.gardet@opensuse.org
+
+- Add memory-constraints to avoid OOM errors
+
 -------------------------------------------------------------------
 Fri Oct 12 14:26:17 UTC 2018 - meissner@suse.com
 
@@ -15,7 +60,7 @@ Tue Oct  2 10:08:00 UTC 2018 - wr@rosenauer.org
   * Fix multiple requests for master password when Google Mail or
     Calendar OAuth2 is enabled
   * Fix scrollbar of the address entry auto-complete popup
-  * Fix security info dialog in compose window not showing 
+  * Fix security info dialog in compose window not showing
     certificate status
   * Fix links in the Add-on Manager's search results and theme
     browsing tabs that opened in external browser
diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec
index 96f3d8c..ff41b81 100644
--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@@ -13,13 +13,13 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
-%define mainversion 60.2.1
+%define mainversion 60.3.0
 %define update_channel release
-%define releasedate 20180930223627
+%define releasedate 20181025202514
 
 %bcond_without mozilla_tb_kde4
 %bcond_with    mozilla_tb_valgrind
@@ -42,6 +42,7 @@ BuildRequires:  libXcomposite-devel
 BuildRequires:  libcurl-devel
 BuildRequires:  libidl-devel
 BuildRequires:  libnotify-devel
+BuildRequires:  memory-constraints
 BuildRequires:  mozilla-nspr-devel >= 4.19
 BuildRequires:  mozilla-nss-devel >= 3.36.4
 BuildRequires:  python
@@ -119,6 +120,7 @@ Patch7:         mozilla-bmo1375074.patch
 Patch8:         mozilla-bmo1464766.patch
 Patch9:         mozilla-i586-DecoderDoctorLogger.patch
 Patch10:        mozilla-i586-domPrefs.patch
+Patch11:        mozilla-bmo1463035.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         coreutils fileutils textutils /bin/sh
 Recommends:     libcanberra0
@@ -202,6 +204,7 @@ symbols meant for upload to Mozilla's crash collector database.
 %patch9 -p1
 %patch10 -p1
 %endif
+%patch11 -p1
 
 %build
 # no need to add build time to binaries
@@ -251,6 +254,8 @@ export MOZCONFIG=$RPM_BUILD_DIR/mozconfig
 # is not forced into CFLAGS
 export MOZ_DEBUG_FLAGS="-pipe"
 #
+# Limit RAM usage to avoid OOM
+%limit_build -m 1500
 cat << EOF > $MOZCONFIG
 mk_add_options MOZILLA_OFFICIAL=1
 mk_add_options BUILD_OFFICIAL=1
diff --git a/_constraints b/_constraints
index d08bc8a..ff2151c 100644
--- a/_constraints
+++ b/_constraints
@@ -12,15 +12,6 @@
     <conditions>
       <arch>armv6l</arch>
       <arch>armv7l</arch>
-    </conditions>
-    <hardware>
-      <memory>
-        <size unit="M">2600</size>
-      </memory>
-    </hardware>
-  </overwrite>
-  <overwrite>
-    <conditions>
       <arch>aarch64</arch>
     </conditions>
     <hardware>
diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz
index 9da5f4a..392183b 100644
--- a/compare-locales.tar.xz
+++ b/compare-locales.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:ad03f7c20354dd56fa2501c5018e7b2ce512315da9b462c37358f4b7d30b26af
-size 28372
+oid sha256:158df1b15780d704364f4d7ee7eb6289252d8f338ce6823da325bb0129a65181
+size 28432
diff --git a/create-tar.sh b/create-tar.sh
index 14a69c7..0971bd1 100644
--- a/create-tar.sh
+++ b/create-tar.sh
@@ -2,9 +2,9 @@
 
 CHANNEL="esr60"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="5cdee4ae33c0868ae420a5a826c63b42d823c584"
-MOZ_RELEASE_TAG="8d71faee5dcdd0773b7e0830b8fad96a6bda559b"
-VERSION="60.2.1"
+RELEASE_TAG="dd958ef605d132d08a063f29606737ffb3453e68"
+MOZ_RELEASE_TAG="ab014151d4c338562949c28aa140786b548856ca"
+VERSION="60.3.0"
 VERSION_SUFFIX=""
 LOCALE_FILE="thunderbird-$VERSION/comm/mail/locales/l10n-changesets.json"
 
diff --git a/l10n-60.2.1.tar.xz b/l10n-60.2.1.tar.xz
deleted file mode 100644
index 57b1570..0000000
--- a/l10n-60.2.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6cfc0c4dd586141d79fde3aa1360c50bd78f90ef393484a7112f8afd416e2067
-size 27451556
diff --git a/l10n-60.3.0.tar.xz b/l10n-60.3.0.tar.xz
new file mode 100644
index 0000000..bd7030f
--- /dev/null
+++ b/l10n-60.3.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7be94c4cce5562e3a414691beee347a8b4940c41742e8270090d8b4215fcefb9
+size 27433892
diff --git a/mozilla-bmo1463035.patch b/mozilla-bmo1463035.patch
new file mode 100644
index 0000000..039f039
--- /dev/null
+++ b/mozilla-bmo1463035.patch
@@ -0,0 +1,130 @@
+
+# HG changeset patch
+# User Mike Hommey <mh+mozilla@glandium.org>
+# Date 1526871862 -32400
+# Node ID 94f21505ff13cd089f7129cd24927cf8b31a0f43
+# Parent  1800b8895c08bc0c60302775dc0a4b5ea4deb310
+Bug 1463035 - Remove MOZ_SIGNAL_TRAMPOLINE. r?darchons
+
+For some reason, GNU as is not happy with the assembly generated after
+bug 1238661 anymore on Debian armel.
+
+OTOH, as mentioned in bug 1238661 comment 4, we actually don't need this
+workaround anymore, so let's just kill it.
+
+
+diff --git a/mfbt/LinuxSignal.h b/mfbt/LinuxSignal.h
+deleted file mode 100644
+--- a/mfbt/LinuxSignal.h
++++ /dev/null
+@@ -1,45 +0,0 @@
+-/* This Source Code Form is subject to the terms of the Mozilla Public
+- * License, v. 2.0. If a copy of the MPL was not distributed with this
+- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+-
+-#ifndef mozilla_LinuxSignal_h
+-#define mozilla_LinuxSignal_h
+-
+-namespace mozilla {
+-
+-#if defined(__arm__)
+-
+-// Some (old) Linux kernels on ARM have a bug where a signal handler
+-// can be called without clearing the IT bits in CPSR first. The result
+-// is that the first few instructions of the handler could be skipped,
+-// ultimately resulting in crashes. To workaround this bug, the handler
+-// on ARM is a trampoline that starts with enough NOP instructions, so
+-// that even if the IT bits are not cleared, only the NOP instructions
+-// will be skipped over.
+-
+-template <void (*H)(int, siginfo_t*, void*)>
+-__attribute__((naked)) void
+-SignalTrampoline(int aSignal, siginfo_t* aInfo, void* aContext)
+-{
+-  asm volatile (
+-    "nop; nop; nop; nop"
+-    : : : "memory");
+-
+-  asm volatile (
+-    "b %0"
+-    :
+-    : "X"(H)
+-    : "memory");
+-}
+-
+-# define MOZ_SIGNAL_TRAMPOLINE(h) (mozilla::SignalTrampoline<h>)
+-
+-#else // __arm__
+-
+-# define MOZ_SIGNAL_TRAMPOLINE(h) (h)
+-
+-#endif // __arm__
+-
+-} // namespace mozilla
+-
+-#endif // mozilla_LinuxSignal_h
+diff --git a/mfbt/moz.build b/mfbt/moz.build
+--- a/mfbt/moz.build
++++ b/mfbt/moz.build
+@@ -117,20 +117,16 @@ EXPORTS["double-conversion"] = [
+ LOCAL_INCLUDES += [
+     '/mfbt/double-conversion',
+ ]
+ 
+ if CONFIG['OS_ARCH'] == 'WINNT':
+     EXPORTS.mozilla += [
+         'WindowsVersion.h',
+     ]
+-elif CONFIG['OS_ARCH'] == 'Linux':
+-    EXPORTS.mozilla += [
+-        'LinuxSignal.h',
+-    ]
+ 
+ UNIFIED_SOURCES += [
+     'Assertions.cpp',
+     'ChaosMode.cpp',
+     'double-conversion/double-conversion/bignum-dtoa.cc',
+     'double-conversion/double-conversion/bignum.cc',
+     'double-conversion/double-conversion/cached-powers.cc',
+     'double-conversion/double-conversion/diy-fp.cc',
+diff --git a/tools/profiler/core/platform-linux-android.cpp b/tools/profiler/core/platform-linux-android.cpp
+--- a/tools/profiler/core/platform-linux-android.cpp
++++ b/tools/profiler/core/platform-linux-android.cpp
+@@ -55,17 +55,16 @@
+ #ifdef __GLIBC__
+ #include <execinfo.h>   // backtrace, backtrace_symbols
+ #endif  // def __GLIBC__
+ #include <strings.h>    // index
+ #include <errno.h>
+ #include <stdarg.h>
+ 
+ #include "prenv.h"
+-#include "mozilla/LinuxSignal.h"
+ #include "mozilla/PodOperations.h"
+ #include "mozilla/DebugOnly.h"
+ 
+ #include <string.h>
+ #include <list>
+ 
+ using namespace mozilla;
+ 
+@@ -272,17 +271,17 @@ Sampler::Sampler(PSLockRef aLock)
+ 
+   // NOTE: We don't initialize LUL here, instead initializing it in
+   // SamplerThread's constructor. This is because with the
+   // profiler_suspend_and_sample_thread entry point, we want to be able to
+   // sample without waiting for LUL to be initialized.
+ 
+   // Request profiling signals.
+   struct sigaction sa;
+-  sa.sa_sigaction = MOZ_SIGNAL_TRAMPOLINE(SigprofHandler);
++  sa.sa_sigaction = SigprofHandler;
+   sigemptyset(&sa.sa_mask);
+   sa.sa_flags = SA_RESTART | SA_SIGINFO;
+   if (sigaction(SIGPROF, &sa, &mOldSigprofHandler) != 0) {
+     MOZ_CRASH("Error installing SIGPROF handler in the profiler");
+   }
+ }
+ 
+ void
+
diff --git a/thunderbird-60.2.1.source.tar.xz b/thunderbird-60.2.1.source.tar.xz
deleted file mode 100644
index 7883e8b..0000000
--- a/thunderbird-60.2.1.source.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d313f25cd7ddc016bf8e4d4115f14b34a66621c0feabbc0dd72f9304cb93d7bf
-size 284570000
diff --git a/thunderbird-60.2.1.source.tar.xz.asc b/thunderbird-60.2.1.source.tar.xz.asc
deleted file mode 100644
index 8ab3acc..0000000
--- a/thunderbird-60.2.1.source.tar.xz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.14 (GNU/Linux)
-
-iQIcBAABCAAGBQJbsjeEAAoJELu+vbskxvNV2hEP/3dWNPNcF0+A1S+ePf/JXyn8
-a3DFlu2s7ihtsFy4EW7CcOHyMdRIiKAPlrCKJR4DQorL0C1S+Q/WaFyyibQX3oSi
-Q/g1Ch1sKKz03YIKweLHzz0eTQDvcxY2AbJkrsJNNrZH/5MvCh0jbohWeBwsJ3s7
-OtxPDAHBSSL0oJOj6klrBfWMLamOyBhiH8RdUTJzsIHuKusco6hJwlilQrwnfTZB
-FZfp88D69v2bQS1JdkzJvSQFD0GsS75fej3qwvqMiUiuBFl4KYD+oly0Th3XqHt6
-PD+1YqagRPpZt253Sv12KUG06OkoK+TgTiseKbY1lT2k+4TvSw68jocZbsIYuOFH
-uxyVWQhWxkwvcxeD1qZr0r0NjFd8uFvG72G6JxRfYUO2XjGKBqYjexUhI8zzAoyU
-00AmnwyeTEMg8Y/PTlh7NxKMITJFUX5HAatSB9eyBgQdKcalbZb+lCQZzccv9kd6
-9JxeRg+8TlM8SNOv3upLdqH8m2DCNCgWpURJW10+jf5O1qIm5G2K2lvffum9lTJ+
-cOu8+WN5lFR9UV3f0nAvWDb7KeK/i+pIDVozhCKXuGJbWRguhtVQICJBzYcn3lk0
-VB/xHlDrK4oIEG/BWAWAZsDt8ScRn4d0bwIVPC/NAN14AaritBFcR6lwfBGRH6on
-pbq7+PPTen/nfk303ub5
-=y8ku
------END PGP SIGNATURE-----
diff --git a/thunderbird-60.3.0.source.tar.xz b/thunderbird-60.3.0.source.tar.xz
new file mode 100644
index 0000000..156315b
--- /dev/null
+++ b/thunderbird-60.3.0.source.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:23fc097a5aa62006919029df890e5e2bec38c2c3e6081723040ef702ff6e4a7b
+size 285211708
diff --git a/thunderbird-60.3.0.source.tar.xz.asc b/thunderbird-60.3.0.source.tar.xz.asc
new file mode 100644
index 0000000..25c9d50
--- /dev/null
+++ b/thunderbird-60.3.0.source.tar.xz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.14 (GNU/Linux)
+
+iQIcBAABCAAGBQJb2EY1AAoJELu+vbskxvNVjCAP+wVmU2xhLhneLRJ/0iE6wWD6
+PH/9lt/wNi8KutxeVzfrnS1AS/RnpgbTkbVg9FZqzJQ30SjhQ4u/3i7MsgFpCS4Y
+qhNs0sIvp7RKDTd+2wubk+/GLoDSPlSdEJO3jTUXBc6D25GzMfrd89kShJsLlfb8
+WqFchIwP3ivlIaocL5/I1+GOhP4KxND10RgEICKwwJ3qlE+AKsX+pGWvM7McKjuJ
+Usnss7BtXB/QfjjJEdTMCx+imFPbUV4SWg9UaY5H/sPHxhlNbulHgGjuUdFJPrU5
+RSCkkOYodp/XsIvVneswGmoqd3g9v3rF5Dari1YavxSB/LguafDmny83hgVnyiUp
+KohhntuQmLuOaT1YL78igc1QY/edtFd8wpsjwI27aIuI20wqT0kN+maSOExvavDI
+Z60SIflw12GOg9ZqnsWiOdc67reD0fT8e56xfSOXELQUklDBubg9Lxz4P/06zFUb
+cvNd961Cg3GuYloBkTpWKMcuvfRiGmR+EbHFTVEHbcYsdvWaAHHmcbup18ak/fUx
+LoheXza7zXbjYrwWyEWiXuhpFFzuqSLojeuBW8omklw8Ia3+p+4NZHCFUjt+3eEh
+AQpLf7Jh0UCogXKEgUowPyetUv1oBYWosyRLvkBBUwZaZ+DvjLneRf6bDB/BCoSE
+lrUVNb11lX42wHZpcJVB
+=KX6F
+-----END PGP SIGNATURE-----