
openSUSE Leap 16.0: mozjs128 Important Sandbox Escape Issues 2025-20135-1

opensuse
December 4, 2025
An important openSUSE update for mozjs128 addresses 26 issues, including critical vulnerabilities and security fixes.
An update that solves 26 vulnerabilities and has one bug fix can now be installed.

Description

This update for mozjs128 fixes the following issues:

- Update to version 128.14.0 (bsc#1248162):
  + CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component
  + CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component
  + CVE-2025-9181: Uninitialized memory in the JavaScript Engine component
  + CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
- Update to version 128.13.0:
  + CVE-2025-8027: JavaScript engine only wrote partial return value to stack
  + CVE-2025-8028: Large branch table could lead to truncated instruction
  + CVE-2025-8029: javascript: URLs executed on object and embed tags
  + CVE-2025-8030: Potential user-assisted code execution in “Copy as cURL” command
  + CVE-2025-8031: Incorrect URL stripping in CSP reports
  + CVE-2025-8032: XSLT...


Patch

Package List

- openSUSE Leap 16.0:
  + libmozjs-128-0-128.14.0-160000.1.1
  + mozjs128-128.14.0-160000.1.1
  + mozjs128-devel-128.14.0-160000.1.1

References

* bsc#1248162
* https://www.suse.com/security/cve/CVE-2025-5263.html
* https://www.suse.com/security/cve/CVE-2025-5264.html
* https://www.suse.com/security/cve/CVE-2025-5265.html
* https://www.suse.com/security/cve/CVE-2025-5266.html
* https://www.suse.com/security/cve/CVE-2025-5267.html
* https://www.suse.com/security/cve/CVE-2025-5268.html
* https://www.suse.com/security/cve/CVE-2025-5269.html
* https://www.suse.com/security/cve/CVE-2025-5283.html
* https://www.suse.com/security/cve/CVE-2025-6424.html
* https://www.suse.com/security/cve/CVE-2025-6425.html
* https://www.suse.com/security/cve/CVE-2025-6426.html
* https://www.suse.com/security/cve/CVE-2025-6429.html
* https://www.suse.com/security/cve/CVE-2025-6430.html
* https://www.suse.com/security/cve/CVE-2025-8027.html
* https://www.suse.com/security/cve/CVE-2025-8028.html
* https://www.suse.com/security/cve/CVE-2025-8029.html
* https://www.suse.com/security/cve/CVE-2025-8030.html
* https://www.suse.com/security/cve/CVE-2025-8031.html
*...


Severity
important

Announcement ID: openSUSE-SU-2025-20135-1
Rating: important
Affected Products: openSUSE Leap 16.0
