BLFS Security Advisories for BLFS 12.3 and the current development books.
BLFS-12.3 was released on 2025-03-05
- There are currently no known security vulnerabilities for BLFS-12.3.
This page is in alphabetical order of packages, and if a package has multiple advisories the newer come first.
The links at the end of each item point to more details which have links to the development books.
In general, the severity is taken from upstream, if supplied, or from NVD (https://nvd.nist.gov/vuln/detail/) if an analysis is available there, but individual severity ratings at NVD can change over time. If no other information is available, 'High' will normally be assumed.
Firefox
12.3 002 Firefox Date: 2025-03-07 Severity: Critical
In Firefox-128.8.0esr, nine security vulnerabilities were fixed that could allow for remote code execution, remotely exploitable crashes, arbitrary code execution, clickjacking, and for web extensions to be disguised as different elements on a web page. Due to one of the remote code execution vulnerabilities being actively exploited in the wild, and because it does not require user interaction, the BLFS team recommends that all users who have Firefox installed update to 128.8.0esr as soon as possible. 12.3-002
Spidermonkey
12.3 001 Spidermonkey Date: 2025-03-07 Severity: High
In Spidermonkey-128.8.0, two security vulnerabilities were fixed that could allow for arbitrary code execution (due to type confusion), as well as arbitrary code execution due to unexpected garbage collection occurring during Regular Expression bailout processing. Note that the type confusion vulnerability only impacts 64-bit CPUs. Update to Spidermonkey-128.8.0. 12.3-001
Thunderbird
12.3 003 Thunderbird Date: 2025-03-07 Severity: Critical
In Thunderbird-128.8.0esr, nine security vulnerabilities were fixed that could allow for remote code execution, remotely exploitable crashes, arbitrary code execution, clickjacking, and for web extensions to be disguised as different elements on a web page. Due to one of the remote code execution vulnerabilities being actively exploited in the wild, and because it does not require user interaction, the BLFS team recommends that all users who have Thunderbird installed update to 128.8.0esr as soon as possible. 12.3-003