Описание
Security update for mozjs128
This update for mozjs128 fixes the following issues:
-
Update to version 128.14.0 (bsc#1248162):
- CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component
- CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component
- CVE-2025-9181: Uninitialized memory in the JavaScript Engine component
- CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
-
Update to version 128.13.0:
- CVE-2025-8027: JavaScript engine only wrote partial return value to stack
- CVE-2025-8028: Large branch table could lead to truncated instruction
- CVE-2025-8029: javascript: URLs executed on object and embed tags
- CVE-2025-8030: Potential user-assisted code execution in “Copy as cURL” command
- CVE-2025-8031: Incorrect URL stripping in CSP reports
- CVE-2025-8032: XSLT documents could bypass CSP
- CVE-2025-8033: Incorrect JavaScript state machine for generators
- CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
- CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
-
Update to version 128.12.0:
- CVE-2025-6424: Use-after-free in FontFaceSet
- CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID
- CVE-2025-6426: No warning when opening executable terminal files on macOS
- CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com
- CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag
-
Update to version 128.11.0:
- CVE-2025-5283: Double-free in libvpx encoder
- CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content
- CVE-2025-5264: Potential local code execution in “Copy as cURL” command
- CVE-2025-5265: Potential local code execution in “Copy as cURL” command
- CVE-2025-5266: Script element events leaked cross-origin resource status
- CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details
- CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11
- CVE-2025-5269: Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11
Список пакетов
openSUSE Leap 16.0
Ссылки
- SUSE Security Ratings
- SUSE Bug 1248162
- SUSE CVE CVE-2025-5263 page
- SUSE CVE CVE-2025-5264 page
- SUSE CVE CVE-2025-5265 page
- SUSE CVE CVE-2025-5266 page
- SUSE CVE CVE-2025-5267 page
- SUSE CVE CVE-2025-5268 page
- SUSE CVE CVE-2025-5269 page
- SUSE CVE CVE-2025-5283 page
- SUSE CVE CVE-2025-6424 page
- SUSE CVE CVE-2025-6425 page
- SUSE CVE CVE-2025-6426 page
- SUSE CVE CVE-2025-6429 page
- SUSE CVE CVE-2025-6430 page
- SUSE CVE CVE-2025-8027 page
- SUSE CVE CVE-2025-8028 page
- SUSE CVE CVE-2025-8029 page
- SUSE CVE CVE-2025-8030 page
- SUSE CVE CVE-2025-8031 page
Описание
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Затронутые продукты
Ссылки
- CVE-2025-5263
- SUSE Bug 1243353
Описание
Due to insufficient escaping of the newline character in the "Copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Затронутые продукты
Ссылки
- CVE-2025-5264
- SUSE Bug 1243353
Описание
Due to insufficient escaping of the ampersand character in the "Copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Затронутые продукты
Ссылки
- CVE-2025-5265
- SUSE Bug 1243353
Описание
Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Затронутые продукты
Ссылки
- CVE-2025-5266
- SUSE Bug 1243353
Описание
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Затронутые продукты
Ссылки
- CVE-2025-5267
- SUSE Bug 1243353
Описание
Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Затронутые продукты
Ссылки
- CVE-2025-5268
- SUSE Bug 1243353
Описание
Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.11 and Thunderbird < 128.11.
Затронутые продукты
Ссылки
- CVE-2025-5269
- SUSE Bug 1243353
Описание
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2025-5283
- SUSE Bug 1243741
Описание
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
Затронутые продукты
Ссылки
- CVE-2025-6424
- SUSE Bug 1244670
Описание
An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
Затронутые продукты
Ссылки
- CVE-2025-6425
- SUSE Bug 1244670
Описание
The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
Затронутые продукты
Ссылки
- CVE-2025-6426
- SUSE Bug 1244670
Описание
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
Затронутые продукты
Ссылки
- CVE-2025-6429
- SUSE Bug 1244670
Описание
When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
Затронутые продукты
Ссылки
- CVE-2025-6430
- SUSE Bug 1244670
Описание
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Затронутые продукты
Ссылки
- CVE-2025-8027
- SUSE Bug 1246664
Описание
On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Затронутые продукты
Ссылки
- CVE-2025-8028
- SUSE Bug 1246664
Описание
Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Затронутые продукты
Ссылки
- CVE-2025-8029
- SUSE Bug 1246664
Описание
Insufficient escaping in the "Copy as cURL" feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Затронутые продукты
Ссылки
- CVE-2025-8030
- SUSE Bug 1246664
Описание
The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Затронутые продукты
Ссылки
- CVE-2025-8031
- SUSE Bug 1246664
Описание
XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Затронутые продукты
Ссылки
- CVE-2025-8032
- SUSE Bug 1246664
Описание
The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Затронутые продукты
Ссылки
- CVE-2025-8033
- SUSE Bug 1246664
Описание
Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Затронутые продукты
Ссылки
- CVE-2025-8034
- SUSE Bug 1246664
Описание
Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Затронутые продукты
Ссылки
- CVE-2025-8035
- SUSE Bug 1246664
Описание
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Затронутые продукты
Ссылки
- CVE-2025-9179
- SUSE Bug 1248162
Описание
Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Затронутые продукты
Ссылки
- CVE-2025-9180
- SUSE Bug 1248162
Описание
Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Затронутые продукты
Ссылки
- CVE-2025-9181
- SUSE Bug 1248162
Описание
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Затронутые продукты
Ссылки
- CVE-2025-9185
- SUSE Bug 1248162