mozjs128 (SUSE:Linux Enterprise Server 16.0) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 16.0 package mozjs128, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (27)
CVE-2025-8031 — CVSS 9.8 (critical): The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials…
CVE-2025-8028 — CVSS 9.8 (critical): On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation…
CVE-2025-6424 — CVSS 9.8 (critical): A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR…
CVE-2025-9179 — CVSS 9.8 (critical): An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily…
CVE-2025-6426 — CVSS 8.8 (high): The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for…
CVE-2025-5268 — CVSS 8.1 (high): Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence…
CVE-2025-9180 — CVSS 8.1 (high): Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR…
CVE-2025-8032 — CVSS 8.1 (high): XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141…
CVE-2025-8029 — CVSS 8.1 (high): Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability was fixed in Firefox 141, Firefox ESR…
CVE-2025-8030 — CVSS 8.1 (high): Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This…
CVE-2025-5269 — CVSS 8.1 (high): Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that…
CVE-2025-70103 — CVSS 7.3 (high): Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file…
CVE-2025-8033 — CVSS 6.5 (medium): The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This…
CVE-2025-9181 — CVSS 6.5 (medium): Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR…
CVE-2025-6429 — CVSS 6.5 (medium): Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag…
CVE-2025-8027 — CVSS 6.5 (medium): On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire…
CVE-2025-6430 — CVSS 6.1 (medium): When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a…
CVE-2025-5283 — CVSS 5.4 (medium): Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2025-5267 — CVSS 5.4 (medium): A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This…
CVE-2025-5264 — CVSS 4.8 (medium): Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this…
CVE-2025-5265 — CVSS 4.8 (medium): Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this…
CVE-2025-5266 — CVSS 4.3 (medium): Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This…
CVE-2025-5263 — CVSS 4.3 (medium): Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This…
CVE-2025-6425 — CVSS 4.3 (medium): An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and…