BLFS Security Advisories for 12.4

BLFS Security Advisories for BLFS 12.4 and the current development books.

BLFS-12.4 was released on 2025-09-01

This page is in alphabetical order of packages, and if a package has multiple advisories the newer come first.

The links at the end of each item point to more details which have links to the development books.

In general, the severity is taken from upstream, if supplied, or from NVD (https://nvd.nist.gov/vuln/detail/) if an analysis is available there, but individual severity ratings at NVD can change over time. If no other information is available, 'High' will normally be assumed.

Firefox

12.4 001 Firefox Date: 2025-09-19 Severity: High

In Firefox-140.3.0esr, 7 security vulnerabilities have been fixed that could allow for sandbox escaps, same-origin policy bypasses, exploitation of incorrect boundary conditions, integer overflows, networking information disclosure, and memory safety bugs. Update to Firefox-140.3.0esr. 12.4-001

SpiderMonkey

12.4 002 SpiderMonkey Date: 2025-09-19 Severity: Medium

In SpiderMonkey from Firefox-140.3.0esr, 1 security vulnerability has been fixed that could allow for exploitation of incorrect boundary conditions. Update to SpiderMonkey from Firefox-140.3.0esr. 12.4-002

Thunderbird

12.4 003 Thunderbird Date: 2025-09-19 Severity: High

In Thunderbird-140.3.0esr, 7 security vulnerabilities have been fixed that could allow for sandbox escaps, same-origin policy bypasses, exploitation of incorrect boundary conditions, integer overflows, networking information disclosure, and memory safety bugs. Update to Thunderbird-140.3.0esr. 12.4-003