Security update for mozjs60 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0044-1 Final 1 1 2026-01-06T16:10:16Z current 2026-01-06T16:10:16Z 2026-01-06T16:10:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mozjs60 This update for mozjs60 fixes the following issues: - CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart (bsc#1230038) - CVE-2024-45491: embedded expat: detect integer overflow in dtdCopy (bsc#1230037) - CVE-2024-45490: embedded expat: reject negative len for XML_ParseBuffer (bsc#1230036) - CVE-2024-50602: libexpat: DoS via XML_ResumeParser (bsc#1232602) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-44,SUSE-SLE-Micro-5.3-2026-44,SUSE-SLE-Micro-5.4-2026-44,SUSE-SLE-Module-Basesystem-15-SP7-2026-44,SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-44,SUSE-SUSE-MicroOS-5.2-2026-44,openSUSE-SLE-15.6-2026-44 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260044-1/ Link for SUSE-SU-2026:0044-1 https://lists.suse.com/pipermail/sle-security-updates/2026-January/023693.html E-Mail link for SUSE-SU-2026:0044-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1230036 SUSE Bug 1230036 https://bugzilla.suse.com/1230037 SUSE Bug 1230037 https://bugzilla.suse.com/1230038 SUSE Bug 1230038 https://bugzilla.suse.com/1232602 SUSE Bug 1232602 https://www.suse.com/security/cve/CVE-2024-45490/ SUSE CVE CVE-2024-45490 page https://www.suse.com/security/cve/CVE-2024-45491/ SUSE CVE CVE-2024-45491 page https://www.suse.com/security/cve/CVE-2024-45492/ SUSE CVE CVE-2024-45492 page https://www.suse.com/security/cve/CVE-2024-50602/ SUSE CVE CVE-2024-50602 page SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Desktop Applications 15 SP7 openSUSE Leap 15.6 libmozjs-60-60.9.0-150200.6.8.1 mozjs60-60.9.0-150200.6.8.1 mozjs60-devel-60.9.0-150200.6.8.1 libmozjs-60-60.9.0-150200.6.8.1 as a component of SUSE Linux Enterprise Micro 5.2 libmozjs-60-60.9.0-150200.6.8.1 as a component of SUSE Linux Enterprise Micro 5.3 libmozjs-60-60.9.0-150200.6.8.1 as a component of SUSE Linux Enterprise Micro 5.4 libmozjs-60-60.9.0-150200.6.8.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 mozjs60-devel-60.9.0-150200.6.8.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7 libmozjs-60-60.9.0-150200.6.8.1 as a component of openSUSE Leap 15.6 mozjs60-60.9.0-150200.6.8.1 as a component of openSUSE Leap 15.6 mozjs60-devel-60.9.0-150200.6.8.1 as a component of openSUSE Leap 15.6 An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. CVE-2024-45490 SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1 SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1 SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1 openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1 openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1 openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260044-1/ https://www.suse.com/security/cve/CVE-2024-45490.html CVE-2024-45490 https://bugzilla.suse.com/1229930 SUSE Bug 1229930 https://bugzilla.suse.com/1229962 SUSE Bug 1229962 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). CVE-2024-45491 SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1 SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1 SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1 openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1 openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1 openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260044-1/ https://www.suse.com/security/cve/CVE-2024-45491.html CVE-2024-45491 https://bugzilla.suse.com/1229930 SUSE Bug 1229930 https://bugzilla.suse.com/1229931 SUSE Bug 1229931 An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). CVE-2024-45492 SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1 SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1 SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1 openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1 openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1 openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260044-1/ https://www.suse.com/security/cve/CVE-2024-45492.html CVE-2024-45492 https://bugzilla.suse.com/1229930 SUSE Bug 1229930 https://bugzilla.suse.com/1229932 SUSE Bug 1229932 https://bugzilla.suse.com/1229964 SUSE Bug 1229964 An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. CVE-2024-50602 SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1 SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1 SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1 openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1 openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1 openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260044-1/ https://www.suse.com/security/cve/CVE-2024-50602.html CVE-2024-50602 https://bugzilla.suse.com/1232579 SUSE Bug 1232579