diff --git a/build/moz.configure/update-programs.configure b/build/moz.configure/update-programs.configure
index de5ac39d568f..3f1d3544583f 100644
--- a/build/moz.configure/update-programs.configure
+++ b/build/moz.configure/update-programs.configure
@@ -73,7 +73,7 @@ def mac_prod_requirements_string(identifier):
         f'identifier "{identifier}" and anchor apple generic and '
         "certificate 1[field.1.2.840.113635.100.6.2.6] and "
         "certificate leaf[field.1.2.840.113635.100.6.1.13] and "
-        'certificate leaf[subject.OU] = "43AQ936H96"'
+        'certificate leaf[subject.OU] = "PZWYM7N4GF"'
     )
 
 
@@ -95,7 +95,7 @@ set_config("MOZ_SMAUTHORIZEDCLIENTS_REQUIREMENTS", smauthorizedclients_requireme
 
 @depends("--enable-mac-elevated-updates-with-generic-certs", when=target_is_osx)
 def smprivilegedexec_requirements(enabled):
-    updater_id = "org.mozilla.updater"
+    updater_id = "net.waterfox.updater"
     if enabled:
         return mac_relaxed_requirements_string(updater_id)
     else:
diff --git a/security/mac/hardenedruntime/production/firefox.browser.xml b/security/mac/hardenedruntime/production/firefox.browser.xml
index abbf33e9d2b3..ca84aa526b4f 100644
--- a/security/mac/hardenedruntime/production/firefox.browser.xml
+++ b/security/mac/hardenedruntime/production/firefox.browser.xml
@@ -2,23 +2,23 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <!--
      Entitlements to apply to the main browser process executable during
-     codesigning of production channel builds.
+     codesigning of production channel builds for Waterfox.
 -->
 <plist version="1.0">
   <dict>
     <!-- Allow loading third party libraries to support pkcs11 modules -->
     <key>com.apple.security.cs.disable-library-validation</key><true/>
 
-    <!-- Firefox needs to create executable pages with MAP_JIT on aarch64 -->
+    <!-- Waterfox needs to create executable pages with MAP_JIT on aarch64 -->
     <key>com.apple.security.cs.allow-jit</key><true/>
 
-    <!-- Firefox needs to access the microphone on sites the user allows -->
+    <!-- Waterfox needs to access the microphone on sites the user allows -->
     <key>com.apple.security.device.audio-input</key><true/>
 
-    <!-- Firefox needs to access the camera on sites the user allows -->
+    <!-- Waterfox needs to access the camera on sites the user allows -->
     <key>com.apple.security.device.camera</key><true/>
 
-    <!-- Firefox needs to access the location on sites the user allows -->
+    <!-- Waterfox needs to access the location on sites the user allows -->
     <key>com.apple.security.personal-information.location</key><true/>
 
     <!-- For SmartCardServices(7) -->
@@ -26,7 +26,7 @@
 
     <!-- Required for com.apple.developer.web-browser.public-key-credential -->
     <key>com.apple.application-identifier</key>
-    <string>43AQ936H96.org.mozilla.firefox</string>
+    <string>PZWYM7N4GF.net.waterfox.waterfox</string>
 
     <!-- For platform passkey (webauthn) support -->
     <key>com.apple.developer.web-browser.public-key-credential</key><true/>
diff --git a/taskcluster/config.yml b/taskcluster/config.yml
index be30c06eb507..4bf4c8873c31 100644
--- a/taskcluster/config.yml
+++ b/taskcluster/config.yml
@@ -1017,7 +1017,7 @@ mac-signing:
                       - "/Contents/MacOS/crashreporter.app"
                       - "/Contents/MacOS/updater.app/Contents/Frameworks/UpdateSettings.framework"
                       - "/Contents/MacOS/updater.app"
-                      - "/Contents/Library/LaunchServices/org.mozilla.updater"
+                      - "/Contents/Library/LaunchServices/net.waterfox.updater"
                       - "/Contents/MacOS/XUL"
                       - "/Contents/MacOS/pingsender"
                       - "/Contents/MacOS/nmhproxy"
@@ -1062,7 +1062,7 @@ mac-signing:
                       - "/Contents/MacOS/crashreporter.app"
                       - "/Contents/MacOS/updater.app/Contents/Frameworks/UpdateSettings.framework"
                       - "/Contents/MacOS/updater.app"
-                      - "/Contents/Library/LaunchServices/org.mozilla.updater"
+                      - "/Contents/Library/LaunchServices/net.waterfox.updater"
                       - "/Contents/MacOS/pingsender"
                       - "/Contents/MacOS/nmhproxy"
                       - "/Contents/Frameworks/ChannelPrefs.framework"
diff --git a/toolkit/xre/nsCommandLineServiceMac.mm b/toolkit/xre/nsCommandLineServiceMac.mm
index 3758fe471a5d..6ab9228c4c2f 100644
--- a/toolkit/xre/nsCommandLineServiceMac.mm
+++ b/toolkit/xre/nsCommandLineServiceMac.mm
@@ -61,7 +61,7 @@ void SetupMacCommandLine(int& argc, char**& argv, bool forRestart) {
     // Essentially, we are using the updater as a relauncher process.
     NSString* updaterPath = [[path stringByDeletingLastPathComponent]
         stringByAppendingPathComponent:
-            @"updater.app/Contents/MacOS/org.mozilla.updater"];
+            @"updater.app/Contents/MacOS/net.waterfox.updater"];
     AddToCommandLine(updaterPath.UTF8String);
     AddToCommandLine("--openAppBundle");
   }
@@ -76,7 +76,7 @@ void SetupMacCommandLine(int& argc, char**& argv, bool forRestart) {
   // versions of macOS and we may be able to switch to the NSWorkspace API once
   // we no longer support the older versions of macOS where these errors occur.
   // See bug 1911178.
-  if (![path hasSuffix:@"org.mozilla.updater"] && ![path hasSuffix:@".app"]) {
+  if (![path hasSuffix:@"net.waterfox.updater"] && ![path hasSuffix:@".app"]) {
     // Ensure that the path in the first argument points to the .app bundle.
     // This strips three last path components, for example:
     //
@@ -85,7 +85,7 @@ void SetupMacCommandLine(int& argc, char**& argv, bool forRestart) {
     path = [[[path stringByDeletingLastPathComponent]
         stringByDeletingLastPathComponent] stringByDeletingLastPathComponent];
   }
-  if (![path hasSuffix:@"org.mozilla.updater"] && ![path hasSuffix:@".app"]) {
+  if (![path hasSuffix:@"net.waterfox.updater"] && ![path hasSuffix:@".app"]) {
     // We were unable to obtain the path to the .app bundle and are unable to
     // build a valid command line.
     return;
diff --git a/tools/signing/macos/mach_commands.py b/tools/signing/macos/mach_commands.py
index 454a9bbc3580..5dc740a5ab0e 100644
--- a/tools/signing/macos/mach_commands.py
+++ b/tools/signing/macos/mach_commands.py
@@ -37,7 +37,7 @@ from mozbuild.base import MachCommandConditions as conditions
     "Release channel entitlements, but the configuration used will be the "
     "Release configuration as defined in the repo working directory, not the "
     "configuration from the revision of the earlier 120 build.",
-    conditions=[conditions.is_firefox],
+#    conditions=[conditions.is_firefox],
 )
 @CommandArgument(
     "-v",
@@ -378,10 +378,10 @@ def auto_detect_channel(ctx, app):
     # The bundle IDs for different channels. We use these strings to
     # auto-detect the channel being signed. Different channels use
     # different entitlement files.
-    NIGHTLY_BUNDLEID = "org.mozilla.nightly"
+    NIGHTLY_BUNDLEID = "net.mozilla.nightly"
     DEVEDITION_BUNDLEID = "org.mozilla.firefoxdeveloperedition"
     # BETA uses the same bundle ID as Release
-    RELEASE_BUNDLEID = "org.mozilla.firefox"
+    RELEASE_BUNDLEID = "net.waterfox.waterfox"
 
     info_plist = os.path.join(app, "Contents/Info.plist")