| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: mozjs128 | Distribution: openSUSE:Factory:RISCV |
| Version: 128.5.1 | Vendor: openSUSE |
| Release: 1.1 | Build date: Tue Dec 3 09:05:03 2024 |
| Group: System/Libraries | Build host: reproducible |
| Size: 14973448 | Source RPM: mozjs128-128.5.1-1.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey | |
| Summary: SpiderMonkey JavaScript library | |
SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript.
MPL-2.0
* Tue Dec 03 2024 Bjørn Lie <[email protected]>
- Update to version 128.5.1:
+ Fixed an issue that prevented some websites from loading when
using SSL Inspection. (bmo#1933747)
- Changes from version 128.5.0:
+ Various security fixes and other quality improvements.
+ CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via
WebGL.
+ CVE-2024-11692: Select list elements could be shown over
another site.
+ CVE-2024-11694: CSP Bypass and XSS Exposure via Web
Compatibility Shims.
+ CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and
Whitespace Characters.
+ CVE-2024-11696: Unhandled Exception in Add-on Signature
Verification.
+ CVE-2024-11697: Improper Keypress Handling in Executable File
Confirmation Dialog.
* Mon Nov 18 2024 Dominique Leuenberger <[email protected]>
- Drop autoconf213 BuildRequires: the source embeds autoconf.sh
directly.
* Mon Nov 18 2024 Dominique Leuenberger <[email protected]>
- Fix build against icu 76.1: link the correct libraries (icu-uc
instead of icu-i18n).
* Mon Nov 04 2024 Bjørn Lie <[email protected]>
- Update to version 128.4.0:
+ CVE-2024-10458: Permission leak via embed or object elements
+ CVE-2024-10459: Use-after-free in layout with accessibility
+ CVE-2024-10460: Confusing display of origin for external
protocol handler prompt
+ CVE-2024-10461: XSS due to Content-Disposition being ignored in
multipart/x-mixed-replace response
+ CVE-2024-10462: Origin of permission prompt could be spoofed by
long URL
+ CVE-2024-10463: Cross origin video frame leak
+ CVE-2024-10464: History interface could have been used to cause
a Denial of Service condition in the browser
+ CVE-2024-10465: Clipboard "paste" button persisted across tabs
+ CVE-2024-10466: DOM push subscription message could hang
Firefox
+ CVE-2024-10467: Memory safety bugs fixed in Firefox 132,
Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
* Thu Oct 10 2024 Bjørn Lie <[email protected]>
- Update to version 128.3.1:
* CVE-2024-9680: Use-after-free in Animation timeline
- Changes from version 128.3.0:
* CVE-2024-9392: Compromised content process can bypass site
isolation
* CVE-2024-9393: Cross-origin access to PDF contents through
multipart responses
* CVE-2024-9394: Cross-origin access to JSON contents through
multipart responses
* CVE-2024-8900: Clipboard write permission bypass
* CVE-2024-9396: Potential memory corruption may occur when
cloning certain objects
* CVE-2024-9397: Potential directory upload bypass via
clickjacking
* CVE-2024-9398: External protocol handlers could be enumerated
via popups
* CVE-2024-9399: Specially crafted WebTransport requests could
lead to denial of service
* CVE-2024-9400: Potential memory corruption during JIT
compilation
* CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox
ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird
128.3
* CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox
ESR 128.3, Thunderbird 131, and Thunderbird 128.3
* Mon Sep 30 2024 Cliff Zhao <[email protected]>
- Add mozjs128-CVE-2024-45492.patch:
Backporting 9bf0f2c1 from libexpat upstream, Detect integer
overflow in function nextScaffoldPart.
(CVE-2024-45492, bsc#1230038)
* Mon Sep 30 2024 Cliff Zhao <[email protected]>
- Add mozjs128-CVE-2024-45491.patch:
Backporting 8e439a99 from libexpat upstream, Detect integer
overflow in dtdCopy.
(CVE-2024-45491, bsc#1230037)
* Mon Sep 30 2024 Cliff Zhao <[email protected]>
- Add mozjs128-CVE-2024-45490-part01-5c1a3164.patch:
Backporting 5c1a3164 from libexpat upstream, Reject negative len
for XML_ParseBuffer.
CVE-2024-45490's fixes including 3 parts: 5c1a3164 for libexpat
sources; c12f039b for libexpat tests; 2db23301 for libexpat docs;
Because mozjs only embeds libexpat sources, so unnecessary to
port prart02 and part03.
(CVE-2024-45490, bsc#1230036)
* Wed Sep 25 2024 Bjørn Lie <[email protected]>
- Update to version 128.2.0:
+ CVE-2024-8385: WASM type confusion involving ArrayTypes
+ CVE-2024-8381: Type confusion when looking up a property name
in a "with" block
+ CVE-2024-8382: Internal event interfaces were exposed to web
content when browser EventHandler listener callbacks ran
+ CVE-2024-8383: Firefox did not ask before openings news: links
in an external application
+ CVE-2024-8384: Garbage collection could mis-color
cross-compartment objects in OOM conditions
+ CVE-2024-8386: SelectElements could be shown over another site
if popups are allowed
+ CVE-2024-8387: Memory safety bugs fixed in Firefox 130,
Firefox ESR 128.2, and Thunderbird 128.2
- Drop 0001-Skip-failing-tests-on-ppc64-and-s390x.patch: Fixed
upstream.
* Fri Aug 30 2024 Bjørn Lie <[email protected]>
- Initial build for openSUSE.
/usr/bin/js128 /usr/share/doc/packages/mozjs128 /usr/share/doc/packages/mozjs128/README.html
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Dec 8 23:52:46 2024