Red Hat Product Errata RHSA-2020:5240 - Security Advisory

Issued:: 2020-11-30
Updated:: 2020-11-30

RHSA-2020:5240 - Security Advisory

Overview
Updated Packages

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.5.0.

Security Fix(es):

Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.0 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.0 x86_64

Fixes

BZ - 1898731 - CVE-2020-26951 Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
BZ - 1898732 - CVE-2020-16012 Mozilla: Variable time processing of cross-origin images during drawImage calls
BZ - 1898733 - CVE-2020-26953 Mozilla: Fullscreen could be enabled without displaying the security UI
BZ - 1898734 - CVE-2020-26956 Mozilla: XSS through paste (manual and clipboard API)
BZ - 1898735 - CVE-2020-26958 Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions
BZ - 1898736 - CVE-2020-26959 Mozilla: Use-after-free in WebRequestService
BZ - 1898737 - CVE-2020-26960 Mozilla: Potential use-after-free in uses of nsTArray
BZ - 1898738 - CVE-2020-26961 Mozilla: DoH did not filter IPv4 mapped IP Addresses
BZ - 1898739 - CVE-2020-26965 Mozilla: Software keyboards may have remembered typed passwords
BZ - 1898741 - CVE-2020-26968 Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.0

SRPM
thunderbird-78.5.0-1.el8_0.src.rpm	SHA-256: f125596bfc91eabf11ed45a5ab934dae5caecd6923f5376a1b8a473b2a301da2
ppc64le
thunderbird-78.5.0-1.el8_0.ppc64le.rpm	SHA-256: 65f1f2a6c34443ad7bb8b3c32d1a21b7162f2ea4ebbfbb1da853c2b8264ccfb0
thunderbird-debuginfo-78.5.0-1.el8_0.ppc64le.rpm	SHA-256: 3cab4d5eff89d9792146502197e2f5299ae2873977cc8a55491ef6eaf971153d
thunderbird-debugsource-78.5.0-1.el8_0.ppc64le.rpm	SHA-256: 0ae426bbd58d7c256ef6d3c064f42be59c643b4f3134ed237800a2fb30e3e83b

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.0

SRPM
thunderbird-78.5.0-1.el8_0.src.rpm	SHA-256: f125596bfc91eabf11ed45a5ab934dae5caecd6923f5376a1b8a473b2a301da2
x86_64
thunderbird-78.5.0-1.el8_0.x86_64.rpm	SHA-256: 9768593d52fe18c104e2831e86e90472f0a94049bb99ec3e9ab10c9d5fbae16a
thunderbird-debuginfo-78.5.0-1.el8_0.x86_64.rpm	SHA-256: 7d4b0415097cbb3e3c684fab1418c039e7b2f8a53d354553669d2b33cf48b002
thunderbird-debugsource-78.5.0-1.el8_0.x86_64.rpm	SHA-256: 45b10e71950f147f50bdcfb6e4a809ad4b1beae6c8874feac5a0fa9cca01a83b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories