RHSA-2012:1362 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: thunderbird security update

Type/Severity

Security Advisory: Critical

Topic

An updated thunderbird package that fixes one security issue is now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the way Thunderbird handled security wrappers.
Malicious content could cause Thunderbird to execute arbitrary code with
the privileges of the user running Thunderbird. (CVE-2012-4193)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges moz_bug_r_a4 as the original reporter.

Note: This issue cannot be exploited by a specially-crafted HTML mail
message as JavaScript is disabled by default for mail messages. It could be
exploited another way in Thunderbird, for example, when viewing the full
remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
corrects this issue. After installing the update, Thunderbird must be
restarted for the changes to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server - Extended Update Support 6.3 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 6.3 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.3 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.3 ppc64
Red Hat Enterprise Linux Server from RHUI 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 i386
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 865215 - CVE-2012-4193 Mozilla: defaultValue security checks not applied (MFSA 2012-89)

CVEs

CVE-2012-4193

References

https://access.redhat.com/security/updates/classification/#critical

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
thunderbird-10.0.8-2.el6_3.src.rpm	SHA-256: b9d610d87cc7a49b38d31f461c7ff6878d01e76763fd2c2321c7fcba346b6060
x86_64
thunderbird-10.0.8-2.el6_3.x86_64.rpm	SHA-256: c68d7a924ba37835a9d4ee747983c2efdcff566fdec3e71acb67ba254eb9ce2c
thunderbird-debuginfo-10.0.8-2.el6_3.x86_64.rpm	SHA-256: 5b89335592927cdee2486b5bc8fb060b3a88fee8dbc78cf43d4fd68edefc5e9d
i386
thunderbird-10.0.8-2.el6_3.i686.rpm	SHA-256: d1d3bf67e2d5ca46cd38922e1a8ec836fa26d3aef5f88ef2d9aa0dbffab1eb48
thunderbird-debuginfo-10.0.8-2.el6_3.i686.rpm	SHA-256: 6aa8aea109d4c7f59c331e1ef9a14240dcec9367978fcd6df1995bec35e68da9

Red Hat Enterprise Linux Server 5

SRPM
thunderbird-10.0.8-2.el5_8.src.rpm	SHA-256: 3a0843576b82c4f073e5f765edc39dde3b35e0ec010b1be7314dec7db821138f
x86_64
thunderbird-10.0.8-2.el5_8.x86_64.rpm	SHA-256: d27bc2025cb3b113774914c2f611ca70fc9be6dcb17bf7e480c8fff45cdb13d4
thunderbird-debuginfo-10.0.8-2.el5_8.x86_64.rpm	SHA-256: 59d5e846e3f85147669232a8511663effabfec9047c2e4a83b8263826bcd7c41
i386
thunderbird-10.0.8-2.el5_8.i386.rpm	SHA-256: 26bc4e74c29a9a4f31ab0a2f0e2cfeb94c6e089ad5eeccf7ae2566429f0aee11
thunderbird-debuginfo-10.0.8-2.el5_8.i386.rpm	SHA-256: db4f6e5ff708e2c63089db8b0749ee813ce98ff3f28f604cc8e502bf802b7189

Red Hat Enterprise Linux Server - Extended Update Support 6.3

SRPM
thunderbird-10.0.8-2.el6_3.src.rpm	SHA-256: b9d610d87cc7a49b38d31f461c7ff6878d01e76763fd2c2321c7fcba346b6060
x86_64
thunderbird-10.0.8-2.el6_3.x86_64.rpm	SHA-256: c68d7a924ba37835a9d4ee747983c2efdcff566fdec3e71acb67ba254eb9ce2c
thunderbird-debuginfo-10.0.8-2.el6_3.x86_64.rpm	SHA-256: 5b89335592927cdee2486b5bc8fb060b3a88fee8dbc78cf43d4fd68edefc5e9d
i386
thunderbird-10.0.8-2.el6_3.i686.rpm	SHA-256: d1d3bf67e2d5ca46cd38922e1a8ec836fa26d3aef5f88ef2d9aa0dbffab1eb48
thunderbird-debuginfo-10.0.8-2.el6_3.i686.rpm	SHA-256: 6aa8aea109d4c7f59c331e1ef9a14240dcec9367978fcd6df1995bec35e68da9

Red Hat Enterprise Linux Workstation 6

SRPM
thunderbird-10.0.8-2.el6_3.src.rpm	SHA-256: b9d610d87cc7a49b38d31f461c7ff6878d01e76763fd2c2321c7fcba346b6060
x86_64
thunderbird-10.0.8-2.el6_3.x86_64.rpm	SHA-256: c68d7a924ba37835a9d4ee747983c2efdcff566fdec3e71acb67ba254eb9ce2c
thunderbird-debuginfo-10.0.8-2.el6_3.x86_64.rpm	SHA-256: 5b89335592927cdee2486b5bc8fb060b3a88fee8dbc78cf43d4fd68edefc5e9d
i386
thunderbird-10.0.8-2.el6_3.i686.rpm	SHA-256: d1d3bf67e2d5ca46cd38922e1a8ec836fa26d3aef5f88ef2d9aa0dbffab1eb48
thunderbird-debuginfo-10.0.8-2.el6_3.i686.rpm	SHA-256: 6aa8aea109d4c7f59c331e1ef9a14240dcec9367978fcd6df1995bec35e68da9

Red Hat Enterprise Linux Workstation 5

SRPM
thunderbird-10.0.8-2.el5_8.src.rpm	SHA-256: 3a0843576b82c4f073e5f765edc39dde3b35e0ec010b1be7314dec7db821138f
x86_64
thunderbird-10.0.8-2.el5_8.x86_64.rpm	SHA-256: d27bc2025cb3b113774914c2f611ca70fc9be6dcb17bf7e480c8fff45cdb13d4
thunderbird-debuginfo-10.0.8-2.el5_8.x86_64.rpm	SHA-256: 59d5e846e3f85147669232a8511663effabfec9047c2e4a83b8263826bcd7c41
i386
thunderbird-10.0.8-2.el5_8.i386.rpm	SHA-256: 26bc4e74c29a9a4f31ab0a2f0e2cfeb94c6e089ad5eeccf7ae2566429f0aee11
thunderbird-debuginfo-10.0.8-2.el5_8.i386.rpm	SHA-256: db4f6e5ff708e2c63089db8b0749ee813ce98ff3f28f604cc8e502bf802b7189

Red Hat Enterprise Linux Desktop 6

SRPM
thunderbird-10.0.8-2.el6_3.src.rpm	SHA-256: b9d610d87cc7a49b38d31f461c7ff6878d01e76763fd2c2321c7fcba346b6060
x86_64
thunderbird-10.0.8-2.el6_3.x86_64.rpm	SHA-256: c68d7a924ba37835a9d4ee747983c2efdcff566fdec3e71acb67ba254eb9ce2c
thunderbird-debuginfo-10.0.8-2.el6_3.x86_64.rpm	SHA-256: 5b89335592927cdee2486b5bc8fb060b3a88fee8dbc78cf43d4fd68edefc5e9d
i386
thunderbird-10.0.8-2.el6_3.i686.rpm	SHA-256: d1d3bf67e2d5ca46cd38922e1a8ec836fa26d3aef5f88ef2d9aa0dbffab1eb48
thunderbird-debuginfo-10.0.8-2.el6_3.i686.rpm	SHA-256: 6aa8aea109d4c7f59c331e1ef9a14240dcec9367978fcd6df1995bec35e68da9

Red Hat Enterprise Linux Desktop 5

SRPM
thunderbird-10.0.8-2.el5_8.src.rpm	SHA-256: 3a0843576b82c4f073e5f765edc39dde3b35e0ec010b1be7314dec7db821138f
x86_64
thunderbird-10.0.8-2.el5_8.x86_64.rpm	SHA-256: d27bc2025cb3b113774914c2f611ca70fc9be6dcb17bf7e480c8fff45cdb13d4
thunderbird-debuginfo-10.0.8-2.el5_8.x86_64.rpm	SHA-256: 59d5e846e3f85147669232a8511663effabfec9047c2e4a83b8263826bcd7c41
i386
thunderbird-10.0.8-2.el5_8.i386.rpm	SHA-256: 26bc4e74c29a9a4f31ab0a2f0e2cfeb94c6e089ad5eeccf7ae2566429f0aee11
thunderbird-debuginfo-10.0.8-2.el5_8.i386.rpm	SHA-256: db4f6e5ff708e2c63089db8b0749ee813ce98ff3f28f604cc8e502bf802b7189

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
thunderbird-10.0.8-2.el6_3.src.rpm	SHA-256: b9d610d87cc7a49b38d31f461c7ff6878d01e76763fd2c2321c7fcba346b6060
s390x
thunderbird-10.0.8-2.el6_3.s390x.rpm	SHA-256: ebe041559bf9b071f6e3a1b4c2df4113dbf997ce3735314b67ac0aa651c24a64
thunderbird-debuginfo-10.0.8-2.el6_3.s390x.rpm	SHA-256: 5821de2af5fd67e6fefdc7d0f7746919ea5372bad7c5de230c9f560e282ad3c0

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.3

SRPM
thunderbird-10.0.8-2.el6_3.src.rpm	SHA-256: b9d610d87cc7a49b38d31f461c7ff6878d01e76763fd2c2321c7fcba346b6060
s390x
thunderbird-10.0.8-2.el6_3.s390x.rpm	SHA-256: ebe041559bf9b071f6e3a1b4c2df4113dbf997ce3735314b67ac0aa651c24a64
thunderbird-debuginfo-10.0.8-2.el6_3.s390x.rpm	SHA-256: 5821de2af5fd67e6fefdc7d0f7746919ea5372bad7c5de230c9f560e282ad3c0

Red Hat Enterprise Linux for Power, big endian 6

SRPM
thunderbird-10.0.8-2.el6_3.src.rpm	SHA-256: b9d610d87cc7a49b38d31f461c7ff6878d01e76763fd2c2321c7fcba346b6060
ppc64
thunderbird-10.0.8-2.el6_3.ppc64.rpm	SHA-256: e5aaff8eb078b501a46d026f0ccfd890cbca11800dc5af491ecd6ca55213f804
thunderbird-debuginfo-10.0.8-2.el6_3.ppc64.rpm	SHA-256: 785569d9aa8f54fc9a7e07a98243da965795325437b712652fef7477128aede8

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.3

SRPM
thunderbird-10.0.8-2.el6_3.src.rpm	SHA-256: b9d610d87cc7a49b38d31f461c7ff6878d01e76763fd2c2321c7fcba346b6060
ppc64
thunderbird-10.0.8-2.el6_3.ppc64.rpm	SHA-256: e5aaff8eb078b501a46d026f0ccfd890cbca11800dc5af491ecd6ca55213f804
thunderbird-debuginfo-10.0.8-2.el6_3.ppc64.rpm	SHA-256: 785569d9aa8f54fc9a7e07a98243da965795325437b712652fef7477128aede8

Red Hat Enterprise Linux Server from RHUI 6

SRPM
thunderbird-10.0.8-2.el6_3.src.rpm	SHA-256: b9d610d87cc7a49b38d31f461c7ff6878d01e76763fd2c2321c7fcba346b6060
x86_64
thunderbird-10.0.8-2.el6_3.x86_64.rpm	SHA-256: c68d7a924ba37835a9d4ee747983c2efdcff566fdec3e71acb67ba254eb9ce2c
thunderbird-debuginfo-10.0.8-2.el6_3.x86_64.rpm	SHA-256: 5b89335592927cdee2486b5bc8fb060b3a88fee8dbc78cf43d4fd68edefc5e9d
i386
thunderbird-10.0.8-2.el6_3.i686.rpm	SHA-256: d1d3bf67e2d5ca46cd38922e1a8ec836fa26d3aef5f88ef2d9aa0dbffab1eb48
thunderbird-debuginfo-10.0.8-2.el6_3.i686.rpm	SHA-256: 6aa8aea109d4c7f59c331e1ef9a14240dcec9367978fcd6df1995bec35e68da9

Red Hat Enterprise Linux Server from RHUI 5

SRPM
thunderbird-10.0.8-2.el5_8.src.rpm	SHA-256: 3a0843576b82c4f073e5f765edc39dde3b35e0ec010b1be7314dec7db821138f
x86_64
thunderbird-10.0.8-2.el5_8.x86_64.rpm	SHA-256: d27bc2025cb3b113774914c2f611ca70fc9be6dcb17bf7e480c8fff45cdb13d4
thunderbird-debuginfo-10.0.8-2.el5_8.x86_64.rpm	SHA-256: 59d5e846e3f85147669232a8511663effabfec9047c2e4a83b8263826bcd7c41
i386
thunderbird-10.0.8-2.el5_8.i386.rpm	SHA-256: 26bc4e74c29a9a4f31ab0a2f0e2cfeb94c6e089ad5eeccf7ae2566429f0aee11
thunderbird-debuginfo-10.0.8-2.el5_8.i386.rpm	SHA-256: db4f6e5ff708e2c63089db8b0749ee813ce98ff3f28f604cc8e502bf802b7189

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.