Issued:: 2022-05-27
Updated:: 2022-05-27

RHSA-2022:4770 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: thunderbird security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.9.1.

Security Fix(es):

Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution (CVE-2022-1529)
Mozilla: Prototype pollution in Top-Level Await implementation (CVE-2022-1802)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

BZ - 2089217 - CVE-2022-1802 Mozilla: Prototype pollution in Top-Level Await implementation
BZ - 2089218 - CVE-2022-1529 Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

CVEs

References

https://access.redhat.com/security/updates/classification/#critical

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM
thunderbird-91.9.1-1.el8_1.src.rpm	SHA-256: 4ed3721546057bb4f0c3f1436a7dee680cc4dc1707962dd177d31821c667631d
ppc64le
thunderbird-91.9.1-1.el8_1.ppc64le.rpm	SHA-256: fade985f9cb0053371ca90be9689bae2011b23188521a211cc999fea6387f2d9
thunderbird-debuginfo-91.9.1-1.el8_1.ppc64le.rpm	SHA-256: beabb1bbd246ae2f8520521964de0bc1b7a8adc60dcf1830b357e5e695f1869f
thunderbird-debugsource-91.9.1-1.el8_1.ppc64le.rpm	SHA-256: 6fbd5df373df4d29f8109760201a3ef6f519f85be0909a7269fb0d33a839f454

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM
thunderbird-91.9.1-1.el8_1.src.rpm	SHA-256: 4ed3721546057bb4f0c3f1436a7dee680cc4dc1707962dd177d31821c667631d
x86_64
thunderbird-91.9.1-1.el8_1.x86_64.rpm	SHA-256: e05f484ed1f7e9afa440d64fe72b4a5fc57f7c092a6bbc8b8f4e9df3d26f3656
thunderbird-debuginfo-91.9.1-1.el8_1.x86_64.rpm	SHA-256: e39f80199e469518f4d4feffb672a4604058f2ec206ebf3f96911c4e9e30f49d
thunderbird-debugsource-91.9.1-1.el8_1.x86_64.rpm	SHA-256: 0c419249dad40f7fb7612cbf96bd9ce15c0cbe654d5e0aa0aa2b1cf4f7f36682

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation