SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4512

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4512

Security update for mozjs52

Type: security

Severity: moderate

Issued: 2025-12-23

Description:

This update for mozjs52 fixes the following issues:

- CVE-2024-45491: Fixed integer overflow in dtdCopy (bsc#1230037)
- CVE-2024-50602: Fixed DoS via XML_ResumeParser (bsc#1232599)
- CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart (bsc#1230038)
- CVE-2024-45490: Fixed negative len for XML_ParseBuffer (bsc#1230036)

References

CVE: CVE-2024-50602
CVE: CVE-2024-45492
CVE: CVE-2024-45491
CVE: CVE-2024-45490
Bugzilla: 1232599 VUL-0: CVE-2024-50602: mozjs52,mozjs78: libexpat: DoS via XML_ResumeParser
Bugzilla: 1230038 VUL-0: CVE-2024-45492: mozjs60, mozjs78, mozjs115: embedded expat: detect integer overflow in function nextScaffoldPart
Bugzilla: 1230037 VUL-0: CVE-2024-45491: mozjs60, mozjs78, mozjs115: embedded expat: detect integer overflow in dtdCopy
Bugzilla: 1230036 VUL-0: CVE-2024-45490: mozjs60, mozjs78, mozjs115: embedded expat: reject negative len for XML_ParseBuffer

Packages

mozjs52-52.6.0-150000.3.9.1