This is the descript of CVE-2015-1283: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1283 https://codereview.chromium.org/1224303003 https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c wrlinux-mid-december-2015-security-bulletin.pdf sais this vunerability will not be fixed because wrlinux doesn't ship chrome. But the vunerablility code is in expat. I check the related file 'xmlparse.c' that also also the problem mentioned in https://codereview.chromium.org/1224303003 Please refer to the diff in the above link. ThLIN8-2281e customer requests the patch for expat.