rpm package
opensuse/mozjs78&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/mozjs78&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-50602 | Med | 5.9 | < 78.15.0-7.1 | 78.15.0-7.1 | Oct 27, 2024 | An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. | |
| CVE-2024-45492 | Cri | 9.8 | < 78.15.0-5.1 | 78.15.0-5.1 | Aug 30, 2024 | An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | |
| CVE-2024-45491 | Cri | 9.8 | < 78.15.0-5.1 | 78.15.0-5.1 | Aug 30, 2024 | An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | |
| CVE-2024-45490 | Hig | 7.5 | < 78.15.0-5.1 | 78.15.0-5.1 | Aug 30, 2024 | An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. | |
| CVE-2021-29984 | Hig | 8.8 | < 78.13.0-1.2 | 78.13.0-1.2 | Aug 17, 2021 | Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Fi |
- affected < 78.15.0-7.1fixed 78.15.0-7.1
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
- affected < 78.15.0-5.1fixed 78.15.0-5.1
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
- affected < 78.15.0-5.1fixed 78.15.0-5.1
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
- affected < 78.15.0-5.1fixed 78.15.0-5.1
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
- affected < 78.13.0-1.2fixed 78.13.0-1.2
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Fi