Alerts This Week
Warning Icon 1 717
Alerts This Week
Warning Icon 1 717

Stay Secure with the Latest Linux Advisories

Opensuse Large Esm H800
openSUSE

OpenSUSE Tumbleweed python311-joserfc Moderate DoS Fix Vuln 2026-11067-1

Calendar White Jun 20, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed python311 Moderate Security Issues Update 2026-11068-1

Calendar White Jun 20, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE ansible-core Moderate CVE-2026-11332 Threat Advisory 2026-11064-1

Calendar White Jun 20, 2026
moderate
Fedora Large Esm H800
Fedora

Fedora 43 Ansible-Core Important Argument Injection Fix CVE-2026-11332

Calendar White Jun 19, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 43 perl-Config-IniFiles Important CVE-2026-11527 Access Control Fix

Calendar White Jun 19, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 43 WebKitGTK Important Performance and Content Fixes 2026-1557aaef26

Calendar White Jun 19, 2026
Important
Fedora Large Esm H800
Fedora

Fedora 44 Ansible-Core Important CVE-2026-11332 Mitigation Advisory

Calendar White Jun 19, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 44 perl-Config-IniFiles Important Security Fix CVE-2026-11527

Calendar White Jun 19, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 44 Ongres Scram Major Security Patch 2026-3f51edec7b

Calendar White Jun 19, 2026
Important
Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

Is automated patching safe for servers?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/152-is-automated-patching-safe-for-servers?task=poll.vote&format=json
152
radio
0
[{"id":491,"title":"No: Bad updates break production","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":492,"title":"Yes: unpatched flase are worse","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":493,"title":"Only with AI-driven testing rollback","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -7 articles for you...
100
Ls Advisories Suse Esm H240
Price Tag%201security advisorySuSEimportant

SUSE: mozjs129 Important Security Patch Released 2025:21171-2

* bsc#1248162 Cross-References: * CVE-2025-5263 * CVE-2025-5264 . # Security update for mozjs128 Announcement ID: SUSE-SU-2025:21170-1 Release Date: 2025-12-03T20:41:04Z Rating: important References: * bsc#1248162 Cross-References: * CVE-2025-5263 * CVE-2025-5264 * CVE-2025-5265 * CVE-2025-5266 * CVE-2025-5267 * CVE-2025-5268 * CVE-2025-5269 * CVE-2025-5283 * CVE-2025-6424 * CVE-2025-6425 * CVE-2025-6426 * CVE-2025-6429 * CVE-2025-6430 * CVE-2025-8027 * CVE-2025-8028 * CVE-2025-8029 * CVE-2025-8030 * CVE-2025-8031 * CVE-2025-8032 * CVE-2025-8033 * CVE-2025-8034 * CVE-2025-8035 * CVE-2025-9179 * CVE-2025-9180 * CVE-2025-9181 * CVE-2025-9185 CVSS scores: * CVE-2025-5263 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-5263 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-5264 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2025-5264 ( NVD ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2025-5265 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2025-5265 ( NVD ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2025-5266 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-5266 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-5267 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-5267 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-5268 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-5268 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-5269 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-5269 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-5283 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-6424 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-6424 ( SUSE ): 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-6424 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-6425 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-6425 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-6425 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-6426 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L * CVE-2025-6426 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L * CVE-2025-6426 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-6429 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-6429 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2025-6429 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2025-6430 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-6430 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-6430 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2025-8027 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2025-8027 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L * CVE-2025-8027 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2025-8028 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2025-8028 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L * CVE-2025-8028 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-8029 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-8029 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-8029 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2025-8030 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-8030 ( SUSE ): 5.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-8030 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2025-8031 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-8031 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-8031 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-8032 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-8032 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-8032 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2025-8033 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-8033 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-8033 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2025-8034 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-8034 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-8034 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-8035 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-8035 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-8035 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-9179 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-9179 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-9180 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2025-9180 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2025-9181 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2025-9181 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2025-9185 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-9185 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-9185 ( NVD): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP Applications 16.0 An update that solves 26 vulnerabilities can now be installed. ## Description: This update for mozjs128 fixes the following issues: * Update to version 128.14.0 (bsc#1248162): * CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component * CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component * CVE-2025-9181: Uninitialized memory in the JavaScript Engine component * CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 * Update to version 128.13.0: * CVE-2025-8027: JavaScript engine only wrote partial return value to stack * CVE-2025-8028: Large branch table could lead to truncated instruction * CVE-2025-8029: javascript: URLs executed on object and embed tags * CVE-2025-8030: Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-8031: Incorrect URL stripping in CSP reports * CVE-2025-8032: XSLT documents could bypass CSP * CVE-2025-8033: Incorrect JavaScript state machine for generators * CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * Update to version 128.12.0: * CVE-2025-6424: Use-after-free in FontFaceSet * CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID * CVE-2025-6426: No warning when opening executable terminal files on macOS * CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com * CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag * Update to version 128.11.0: * CVE-2025-5283: Double-free in libvpx encoder * CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content * CVE-2025-5264: Potential local code execution in “Copy as cURL” command * CVE-2025-5265: Potential local code execution in “Copy as cURL” command * CVE-2025-5266: Script element events leaked cross-origin resource status * CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details * CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 * CVE-2025-5269: Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-93=1 * SUSE Linux Enterprise Server for SAP Applications 16.0 zypper in -t patch SUSE-SLES-16.0-93=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * mozjs128-debugsource-128.14.0-160000.1.1 * libmozjs-128-0-128.14.0-160000.1.1 * mozjs128-debuginfo-128.14.0-160000.1.1 * mozjs128-devel-128.14.0-160000.1.1 * libmozjs-128-0-debuginfo-128.14.0-160000.1.1 * mozjs128-128.14.0-160000.1.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64) * mozjs128-debugsource-128.14.0-160000.1.1 * libmozjs-128-0-128.14.0-160000.1.1 * mozjs128-debuginfo-128.14.0-160000.1.1 * mozjs128-devel-128.14.0-160000.1.1 * libmozjs-128-0-debuginfo-128.14.0-160000.1.1 * mozjs128-128.14.0-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-5263.html *https://www.suse.com/security/cve/CVE-2025-5264.html * https://www.suse.com/security/cve/CVE-2025-5265.html * https://www.suse.com/security/cve/CVE-2025-5266.html * https://www.suse.com/security/cve/CVE-2025-5267.html * https://www.suse.com/security/cve/CVE-2025-5268.html * https://www.suse.com/security/cve/CVE-2025-5269.html * https://www.suse.com/security/cve/CVE-2025-5283.html * https://www.suse.com/security/cve/CVE-2025-6424.html * https://www.suse.com/security/cve/CVE-2025-6425.html * https://www.suse.com/security/cve/CVE-2025-6426.html * https://www.suse.com/security/cve/CVE-2025-6429.html * https://www.suse.com/security/cve/CVE-2025-6430.html * https://www.suse.com/security/cve/CVE-2025-8027.html * https://www.suse.com/security/cve/CVE-2025-8028.html * https://www.suse.com/security/cve/CVE-2025-8029.html * https://www.suse.com/security/cve/CVE-2025-8030.html * https://www.suse.com/security/cve/CVE-2025-8031.html * https://www.suse.com/security/cve/CVE-2025-8032.html * https://www.suse.com/security/cve/CVE-2025-8033.html * https://www.suse.com/security/cve/CVE-2025-8034.html * https://www.suse.com/security/cve/CVE-2025-8035.html * https://www.suse.com/security/cve/CVE-2025-9179.html * https://www.suse.com/security/cve/CVE-2025-9180.html * https://www.suse.com/security/cve/CVE-2025-9181.html * https://www.suse.com/security/cve/CVE-2025-9185.html * https://bugzilla.suse.com/show_bug.cgi?id=1248162 . This advisory addresses important updates to mozjs128 resolving critical issues including a sandbox escape and memory safety bugs.. SUSE,Linux,mozjs128,security update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 10, 2025 Important SuSE
202
Ls Advisories Opensuse Esm H240
Price Tag%201security advisoryimportantmemory safety

openSUSE Leap 16.0: mozjs128 Important Sandbox Escape Issues 2025-20135-1

An update that solves 26 vulnerabilities and has one bug fix can now be installed.. openSUSE security update: security update for mozjs128 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20135-1 Rating: important References: * bsc#1248162 Cross-References: * CVE-2025-5263 * CVE-2025-5264 * CVE-2025-5265 * CVE-2025-5266 * CVE-2025-5267 * CVE-2025-5268 * CVE-2025-5269 * CVE-2025-5283 * CVE-2025-6424 * CVE-2025-6425 * CVE-2025-6426 * CVE-2025-6429 * CVE-2025-6430 * CVE-2025-8027 * CVE-2025-8028 * CVE-2025-8029 * CVE-2025-8030 * CVE-2025-8031 * CVE-2025-8032 * CVE-2025-8033 * CVE-2025-8034 * CVE-2025-8035 * CVE-2025-9179 * CVE-2025-9180 * CVE-2025-9181 * CVE-2025-9185 CVSS scores: * CVE-2025-5263 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-5264 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2025-5265 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2025-5266 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-5267 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-5268 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-5269 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-6424 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-6424 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-6425 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-6425 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-6426 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L * CVE-2025-6426 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L * CVE-2025-6429 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2025-6429 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N *CVE-2025-6430 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-6430 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-8027 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L * CVE-2025-8027 ( SUSE ): 7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2025-8028 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L * CVE-2025-8028 ( SUSE ): 7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2025-8029 ( SUSE ): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-8029 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-8030 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-8030 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-8031 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-8031 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-8032 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-8032 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-8033 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-8033 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-8034 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-8034 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-8035 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-8035 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-9179 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-9180 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2025-9181 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2025-9185 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H AffectedProducts: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 26 vulnerabilities and has one bug fix can now be installed. Description: This update for mozjs128 fixes the following issues: - Update to version 128.14.0 (bsc#1248162): + CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component + CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component + CVE-2025-9181: Uninitialized memory in the JavaScript Engine component + CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 - Update to version 128.13.0: + CVE-2025-8027: JavaScript engine only wrote partial return value to stack + CVE-2025-8028: Large branch table could lead to truncated instruction + CVE-2025-8029: javascript: URLs executed on object and embed tags + CVE-2025-8030: Potential user-assisted code execution in \u201cCopy as cURL\u201d command + CVE-2025-8031: Incorrect URL stripping in CSP reports + CVE-2025-8032: XSLT documents could bypass CSP + CVE-2025-8033: Incorrect JavaScript state machine for generators + CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 + CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 - Update to version 128.12.0: + CVE-2025-6424: Use-after-free in FontFaceSet + CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID + CVE-2025-6426: No warning when opening executable terminal files on macOS + CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com + CVE-2025-6430:Content-Disposition header ignored when a file is included in an embed or object tag - Update to version 128.11.0: + CVE-2025-5283: Double-free in libvpx encoder + CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content + CVE-2025-5264: Potential local code execution in \u201cCopy as cURL\u201d command + CVE-2025-5265: Potential local code execution in \u201cCopy as cURL\u201d command + CVE-2025-5266: Script element events leaked cross-origin resource status + CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details + CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 + CVE-2025-5269: Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-93=1 Package List: - openSUSE Leap 16.0: libmozjs-128-0-128.14.0-160000.1.1 mozjs128-128.14.0-160000.1.1 mozjs128-devel-128.14.0-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2025-5263.html * https://www.suse.com/security/cve/CVE-2025-5264.html * https://www.suse.com/security/cve/CVE-2025-5265.html * https://www.suse.com/security/cve/CVE-2025-5266.html * https://www.suse.com/security/cve/CVE-2025-5267.html * https://www.suse.com/security/cve/CVE-2025-5268.html * https://www.suse.com/security/cve/CVE-2025-5269.html * https://www.suse.com/security/cve/CVE-2025-5283.html * https://www.suse.com/security/cve/CVE-2025-6424.html * https://www.suse.com/security/cve/CVE-2025-6425.html * https://www.suse.com/security/cve/CVE-2025-6426.html * https://www.suse.com/security/cve/CVE-2025-6429.html * https://www.suse.com/security/cve/CVE-2025-6430.html *https://www.suse.com/security/cve/CVE-2025-8027.html * https://www.suse.com/security/cve/CVE-2025-8028.html * https://www.suse.com/security/cve/CVE-2025-8029.html * https://www.suse.com/security/cve/CVE-2025-8030.html * https://www.suse.com/security/cve/CVE-2025-8031.html * https://www.suse.com/security/cve/CVE-2025-8032.html * https://www.suse.com/security/cve/CVE-2025-8033.html * https://www.suse.com/security/cve/CVE-2025-8034.html * https://www.suse.com/security/cve/CVE-2025-8035.html * https://www.suse.com/security/cve/CVE-2025-9179.html * https://www.suse.com/security/cve/CVE-2025-9180.html * https://www.suse.com/security/cve/CVE-2025-9181.html * https://www.suse.com/security/cve/CVE-2025-9185.html . An important openSUSE update for mozjs128 addresses 26 issues, including critical vulnerabilities and security fixes.. openSUSE update, mozjs128 security, important vulnerabilities, software security updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 04, 2025 Important OpenSUSE
Banner 3 1028x280 1708121785 1771599793
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

Is automated patching safe for servers?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/152-is-automated-patching-safe-for-servers?task=poll.vote&format=json
152
radio
0
[{"id":491,"title":"No: Bad updates break production","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":492,"title":"Yes: unpatched flase are worse","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":493,"title":"Only with AI-driven testing rollback","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here