| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search | 
| Name: mozjs128 | Distribution: SUSE Linux 16 | 
| Version: 128.10.1 | Vendor: SUSE LLC <https://www.suse.com/> | 
| Release: 160000.2.2 | Build date: Tue May 20 10:27:21 2025 | 
| Group: System/Libraries | Build host: reproducible | 
| Size: 19849504 | Source RPM: mozjs128-128.10.1-160000.2.2.src.rpm | 
| Packager: https://www.suse.com/ | |
| Url: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey | |
| Summary: SpiderMonkey JavaScript library | |
SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript.
MPL-2.0
* Tue May 20 2025 bjorn.lie@gmail.com
  - Update to version 128.10.1:
    + MFSA 2025-37:
    - CVE-2025-4920 (bmo#1966612): Out-of-bounds access when
      resolving Promise objects
    - CVE-2025-4921 (bmo#1966614): Out-of-bounds access when
      optimizing linear sums
* Thu Apr 10 2025 mgorse@suse.com
  - Add libtheora-avoid-negative-shift.patch: avoid negative shift in
    huffdec.c (bsc#1234837 CVE-2024-56431).
* Mon Apr 07 2025 bjorn.lie@gmail.com
  - Update to version 128.9.0:
    + CVE-2025-3028, CVE-2025-3029, CVE-2025-3030.
* Sun Mar 30 2025 bjorn.lie@gmail.com
  - Update to version 128.8.1:
    + CVE-2025-2857: Incorrect handle could lead to sandbox escapes.
  - Changes from version 128.8.0:
    + Various security fixes: CVE-2024-43097, CVE-2025-1930,
      CVE-2025-1931, CVE-2025-1932, CVE-2025-1933, CVE-2025-1934,
      CVE-2025-1935, CVE-2025-1936.
* Sat Feb 08 2025 bjorn.lie@gmail.com
  - Update to version 128.7.0:
    + Various security fixes: CVE-2025-1009, CVE-2025-1010,
      CVE-2025-1011, CVE-2025-1012, CVE-2024-11704, CVE-2025-1013,
      CVE-2025-1014, CVE-2025-1016, CVE-2025-1017.
  - Changes from version 128.6.0:
    + Various security fixes: CVE-2025-0237, CVE-2025-0238,
      CVE-2025-0239, CVE-2025-0240, CVE-2025-0241, CVE-2025-0242,
      CVE-2025-0243.
* Wed Dec 11 2024 qzhao@suse.com
  - Add mozjs128-CVE-2024-11498.patch:
    Backporting bf4781a2 from upstream, Check height limit in modular
    trees. Also rewrite the implementation to use iterative checking
    instead of recursive checking of tree property values, to ensure
    stack usage is low. Before, it was possible for
    appropriately-crafted files to use a significant amount of stack.
    (CVE-2024-11498, bsc#1233786)
* Mon Dec 09 2024 qzhao@suse.com
  - Add mozjs128-CVE-2024-11403.patch:
    Backporting 9cc451b9 from upstream, Port the Huffman lookup table
    size fix from brunsli.
    (CVE-2024-11403, bsc#1233766)
* Thu Dec 05 2024 qzhao@suse.com
  - Add mozjs128-CVE-2024-50602.patch:
    Backporting 51c70190 from upstream,
    * lib: Make XML_StopParser refuse to stop/suspend an unstarted parser.
    * lib: Be explicit about XML_PARSING in XML_StopParser.
    (CVE-2024-50602, bsc#1232599, bsc#1232602)
* Tue Dec 03 2024 bjorn.lie@gmail.com
  - Update to version 128.5.1:
    + Fixed an issue that prevented some websites from loading when
      using SSL Inspection. (bmo#1933747)
  - Changes from version 128.5.0:
    + Various security fixes and other quality improvements.
    + CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via
      WebGL.
    + CVE-2024-11692: Select list elements could be shown over
      another site.
    + CVE-2024-11694: CSP Bypass and XSS Exposure via Web
      Compatibility Shims.
    + CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and
      Whitespace Characters.
    + CVE-2024-11696: Unhandled Exception in Add-on Signature
      Verification.
    + CVE-2024-11697: Improper Keypress Handling in Executable File
      Confirmation Dialog.
* Mon Nov 18 2024 dimstar@opensuse.org
  - Drop autoconf213 BuildRequires: the source embeds autoconf.sh
    directly.
* Mon Nov 18 2024 dimstar@opensuse.org
  - Fix build against icu 76.1: link the correct libraries (icu-uc
    instead of icu-i18n).
* Mon Nov 04 2024 bjorn.lie@gmail.com
  - Update to version 128.4.0:
    + CVE-2024-10458: Permission leak via embed or object elements
    + CVE-2024-10459: Use-after-free in layout with accessibility
    + CVE-2024-10460: Confusing display of origin for external
      protocol handler prompt
    + CVE-2024-10461: XSS due to Content-Disposition being ignored in
      multipart/x-mixed-replace response
    + CVE-2024-10462: Origin of permission prompt could be spoofed by
      long URL
    + CVE-2024-10463: Cross origin video frame leak
    + CVE-2024-10464: History interface could have been used to cause
      a Denial of Service condition in the browser
    + CVE-2024-10465: Clipboard "paste" button persisted across tabs
    + CVE-2024-10466: DOM push subscription message could hang
      Firefox
    + CVE-2024-10467: Memory safety bugs fixed in Firefox 132,
      Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
* Thu Oct 10 2024 bjorn.lie@gmail.com
  - Update to version 128.3.1:
    * CVE-2024-9680: Use-after-free in Animation timeline
  - Changes from version 128.3.0:
    * CVE-2024-9392: Compromised content process can bypass site
      isolation
    * CVE-2024-9393: Cross-origin access to PDF contents through
      multipart responses
    * CVE-2024-9394: Cross-origin access to JSON contents through
      multipart responses
    * CVE-2024-8900: Clipboard write permission bypass
    * CVE-2024-9396: Potential memory corruption may occur when
      cloning certain objects
    * CVE-2024-9397: Potential directory upload bypass via
      clickjacking
    * CVE-2024-9398: External protocol handlers could be enumerated
      via popups
    * CVE-2024-9399: Specially crafted WebTransport requests could
      lead to denial of service
    * CVE-2024-9400: Potential memory corruption during JIT
      compilation
    * CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox
      ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird
      128.3
    * CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox
      ESR 128.3, Thunderbird 131, and Thunderbird 128.3
* Mon Sep 30 2024 qzhao@suse.com
  - Add mozjs128-CVE-2024-45492.patch:
    Backporting 9bf0f2c1 from libexpat upstream, Detect integer
    overflow in function nextScaffoldPart.
    (CVE-2024-45492, bsc#1230038)
* Mon Sep 30 2024 qzhao@suse.com
  - Add mozjs128-CVE-2024-45491.patch:
    Backporting 8e439a99 from libexpat upstream, Detect integer
    overflow in dtdCopy.
    (CVE-2024-45491, bsc#1230037)
* Mon Sep 30 2024 qzhao@suse.com
  - Add mozjs128-CVE-2024-45490-part01-5c1a3164.patch:
    Backporting 5c1a3164 from libexpat upstream, Reject negative len
    for XML_ParseBuffer.
    CVE-2024-45490's fixes including 3 parts: 5c1a3164 for libexpat
    sources; c12f039b for libexpat tests; 2db23301 for libexpat docs;
    Because mozjs only embeds libexpat sources, so unnecessary to
    port prart02 and part03.
    (CVE-2024-45490, bsc#1230036)
* Wed Sep 25 2024 bjorn.lie@gmail.com
  - Update to version 128.2.0:
    + CVE-2024-8385: WASM type confusion involving ArrayTypes
    + CVE-2024-8381: Type confusion when looking up a property name
      in a "with" block
    + CVE-2024-8382: Internal event interfaces were exposed to web
      content when browser EventHandler listener callbacks ran
    + CVE-2024-8383: Firefox did not ask before openings news: links
      in an external application
    + CVE-2024-8384: Garbage collection could mis-color
      cross-compartment objects in OOM conditions
    + CVE-2024-8386: SelectElements could be shown over another site
      if popups are allowed
    + CVE-2024-8387: Memory safety bugs fixed in Firefox 130,
      Firefox ESR 128.2, and Thunderbird 128.2
  - Drop 0001-Skip-failing-tests-on-ppc64-and-s390x.patch: Fixed
    upstream.
* Fri Aug 30 2024 bjorn.lie@gmail.com
  - Initial build for openSUSE.
/usr/bin/js128 /usr/share/doc/packages/mozjs128 /usr/share/doc/packages/mozjs128/README.html
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Sep 30 22:45:42 2025