SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1956

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1956

Security update for mozjs78

Type: security

Severity: important

Issued: 2026-05-18

Description:

This update for mozjs78 fixes the following issues

- CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity
  declaration value (bsc#1259728).
- CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing (bsc#1259713).
- CVE-2026-32778: libexpat: NULL pointer dereference in `setContext` on retry after an out-of-memory condition
  (bsc#1259731).

References

CVE: CVE-2026-32778
CVE: CVE-2026-32777
CVE: CVE-2026-32776
Bugzilla: 1259731 VUL-0: CVE-2026-32778: mozjs: libexpat: NULL pointer dereference in `setContext` on retry after an out-of-memory condition
Bugzilla: 1259728 VUL-0: CVE-2026-32776: mozjs: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value
Bugzilla: 1259713 VUL-0: CVE-2026-32777: mozjs: libexpat: denial of service due to infinite loop in DTD content parsing

Packages

mozjs78-78.15.0-150400.3.17.1