Alerts This Week
Warning Icon 1 774
Alerts This Week
Warning Icon 1 774

SUSE: mozjs129 Important Security Patch Released 2025:21171-2

suse
Calendar Grey December 10, 2025
Dist Suse Esm H88
This advisory addresses important updates to mozjs128 resolving critical issues including a sandbox escape and memory safety bugs.
* bsc#1248162 Cross-References: * CVE-2025-5263 * CVE-2025-5264

Summary

## This update for mozjs128 fixes the following issues: * Update to version 128.14.0 (bsc#1248162): * CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component * CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component * CVE-2025-9181: Uninitialized memory in the JavaScript Engine component * CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 * Update to version 128.13.0: * CVE-2025-8027: JavaScript engine only wrote partial return value to stack * CVE-2025-8028: Large branch table could lead to truncated instruction * CVE-2025-8029: javascript: URLs executed on object and embed tags

Topics%20covered

Topics Covered

security advisory SuSE important memory safety sandbox escape mozjs128

References

* bsc#1248162

Cross-

* CVE-2025-5263

* CVE-2025-5264

* CVE-2025-5265

* CVE-2025-5266

* CVE-2025-5267

* CVE-2025-5268

* CVE-2025-5269

* CVE-2025-5283

* CVE-2025-6424

* CVE-2025-6425

* CVE-2025-6426

* CVE-2025-6429

* CVE-2025-6430

* CVE-2025-8027

* CVE-2025-8028

* CVE-2025-8029

* CVE-2025-8030

* CVE-2025-8031

* CVE-2025-8032

* CVE-2025-8033

* CVE-2025-8034

* CVE-2025-8035

* CVE-2025-9179

* CVE-2025-9180

* CVE-2025-9181

* CVE-2025-9185

CVSS scores:

* CVE-2025-5263 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

* CVE-2025-5263 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

* CVE-2025-5264 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

* CVE-2025-5264 ( NVD ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:21170-1
Release Date: 2025-12-03T20:41:04Z
Rating: important

Topics%20covered

Topics Covered

security advisory SuSE important memory safety sandbox escape mozjs128

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here