SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1742

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1742

Security update for mozjs52

Type: security

Severity: important

Issued: 2026-05-07

Description:

This update for mozjs52 fixes the following issues

- CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity
  declaration value (bsc#1259728).
- CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing (bsc#1259713).
- CVE-2026-32778: libexpat: NULL pointer dereference in `setContext` on retry after an out-of-memory condition
  (bsc#1259731).

References

CVE: CVE-2026-32778
CVE: CVE-2026-32777
CVE: CVE-2026-32776
Bugzilla: 1259731 VUL-0: CVE-2026-32778: mozjs: libexpat: NULL pointer dereference in `setContext` on retry after an out-of-memory condition
Bugzilla: 1259728 VUL-0: CVE-2026-32776: mozjs: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value
Bugzilla: 1259713 VUL-0: CVE-2026-32777: mozjs: libexpat: denial of service due to infinite loop in DTD content parsing

Packages

mozjs52-52.6.0-150000.3.12.1