Issued:: 2022-12-15
Updated:: 2022-12-15

RHSA-2022:9080 - Security Advisory

Overview
Updated Packages

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.6.0.

Security Fix(es):

Mozilla: Arbitrary file read from a compromised content process (CVE-2022-46872)
Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 (CVE-2022-46878)
Mozilla: Use-after-free in WebGL (CVE-2022-46880)
Mozilla: Memory corruption in WebGL (CVE-2022-46881)
Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content (CVE-2022-45414)
Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions (CVE-2022-46874)
Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.2 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

BZ - 2149868 - CVE-2022-45414 Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content
BZ - 2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process
BZ - 2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions
BZ - 2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6
BZ - 2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL
BZ - 2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL
BZ - 2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
x86_64
thunderbird-102.6.0-2.el9_1.x86_64.rpm	SHA-256: 03ddd4ca588cfb05678a36e56b5385f968a215fdba67ebe63806445b4c7bf79c
thunderbird-debuginfo-102.6.0-2.el9_1.x86_64.rpm	SHA-256: 44a01e0f753fe77cf89e0340091e2ef770d313b686666772ec9966c7bafffc03
thunderbird-debugsource-102.6.0-2.el9_1.x86_64.rpm	SHA-256: fd08bfdf6ea926d69909aa3ff38199442b3dc74bfecf4c769b819179255d86de

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
x86_64
thunderbird-102.6.0-2.el9_1.x86_64.rpm	SHA-256: 03ddd4ca588cfb05678a36e56b5385f968a215fdba67ebe63806445b4c7bf79c
thunderbird-debuginfo-102.6.0-2.el9_1.x86_64.rpm	SHA-256: 44a01e0f753fe77cf89e0340091e2ef770d313b686666772ec9966c7bafffc03
thunderbird-debugsource-102.6.0-2.el9_1.x86_64.rpm	SHA-256: fd08bfdf6ea926d69909aa3ff38199442b3dc74bfecf4c769b819179255d86de

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
x86_64
thunderbird-102.6.0-2.el9_1.x86_64.rpm	SHA-256: 03ddd4ca588cfb05678a36e56b5385f968a215fdba67ebe63806445b4c7bf79c
thunderbird-debuginfo-102.6.0-2.el9_1.x86_64.rpm	SHA-256: 44a01e0f753fe77cf89e0340091e2ef770d313b686666772ec9966c7bafffc03
thunderbird-debugsource-102.6.0-2.el9_1.x86_64.rpm	SHA-256: fd08bfdf6ea926d69909aa3ff38199442b3dc74bfecf4c769b819179255d86de

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
x86_64
thunderbird-102.6.0-2.el9_1.x86_64.rpm	SHA-256: 03ddd4ca588cfb05678a36e56b5385f968a215fdba67ebe63806445b4c7bf79c
thunderbird-debuginfo-102.6.0-2.el9_1.x86_64.rpm	SHA-256: 44a01e0f753fe77cf89e0340091e2ef770d313b686666772ec9966c7bafffc03
thunderbird-debugsource-102.6.0-2.el9_1.x86_64.rpm	SHA-256: fd08bfdf6ea926d69909aa3ff38199442b3dc74bfecf4c769b819179255d86de

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
x86_64
thunderbird-102.6.0-2.el9_1.x86_64.rpm	SHA-256: 03ddd4ca588cfb05678a36e56b5385f968a215fdba67ebe63806445b4c7bf79c
thunderbird-debuginfo-102.6.0-2.el9_1.x86_64.rpm	SHA-256: 44a01e0f753fe77cf89e0340091e2ef770d313b686666772ec9966c7bafffc03
thunderbird-debugsource-102.6.0-2.el9_1.x86_64.rpm	SHA-256: fd08bfdf6ea926d69909aa3ff38199442b3dc74bfecf4c769b819179255d86de

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
s390x
thunderbird-102.6.0-2.el9_1.s390x.rpm	SHA-256: e047ed4dd7c848a94c5c4e104ad0fa06934b31e4c14b0b869eb27de986f1472b
thunderbird-debuginfo-102.6.0-2.el9_1.s390x.rpm	SHA-256: 8206019b42e47c4827ae4a2562672e626acb04125d3bfd51570946e9198b58f3
thunderbird-debugsource-102.6.0-2.el9_1.s390x.rpm	SHA-256: 9a57fbe5f51cf7c1c57b0e3a391a6744c5c184d0e2fc02857dc29bf95f2af9bc

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
s390x
thunderbird-102.6.0-2.el9_1.s390x.rpm	SHA-256: e047ed4dd7c848a94c5c4e104ad0fa06934b31e4c14b0b869eb27de986f1472b
thunderbird-debuginfo-102.6.0-2.el9_1.s390x.rpm	SHA-256: 8206019b42e47c4827ae4a2562672e626acb04125d3bfd51570946e9198b58f3
thunderbird-debugsource-102.6.0-2.el9_1.s390x.rpm	SHA-256: 9a57fbe5f51cf7c1c57b0e3a391a6744c5c184d0e2fc02857dc29bf95f2af9bc

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
s390x
thunderbird-102.6.0-2.el9_1.s390x.rpm	SHA-256: e047ed4dd7c848a94c5c4e104ad0fa06934b31e4c14b0b869eb27de986f1472b
thunderbird-debuginfo-102.6.0-2.el9_1.s390x.rpm	SHA-256: 8206019b42e47c4827ae4a2562672e626acb04125d3bfd51570946e9198b58f3
thunderbird-debugsource-102.6.0-2.el9_1.s390x.rpm	SHA-256: 9a57fbe5f51cf7c1c57b0e3a391a6744c5c184d0e2fc02857dc29bf95f2af9bc

Red Hat Enterprise Linux for Power, little endian 9

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
ppc64le
thunderbird-102.6.0-2.el9_1.ppc64le.rpm	SHA-256: cfd152e8c4beab31a19238017288febb3d9cfc1d79d2435129f9083797b65d6f
thunderbird-debuginfo-102.6.0-2.el9_1.ppc64le.rpm	SHA-256: 633bd7e3710a91032bb619aa551ddc695de526430f48e1454030f854f6e9971b
thunderbird-debugsource-102.6.0-2.el9_1.ppc64le.rpm	SHA-256: 6a828d8b2407a51bdc5ce60eb73a383040f457a3fab9d61f9da94c219ab25307

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
ppc64le
thunderbird-102.6.0-2.el9_1.ppc64le.rpm	SHA-256: cfd152e8c4beab31a19238017288febb3d9cfc1d79d2435129f9083797b65d6f
thunderbird-debuginfo-102.6.0-2.el9_1.ppc64le.rpm	SHA-256: 633bd7e3710a91032bb619aa551ddc695de526430f48e1454030f854f6e9971b
thunderbird-debugsource-102.6.0-2.el9_1.ppc64le.rpm	SHA-256: 6a828d8b2407a51bdc5ce60eb73a383040f457a3fab9d61f9da94c219ab25307

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
ppc64le
thunderbird-102.6.0-2.el9_1.ppc64le.rpm	SHA-256: cfd152e8c4beab31a19238017288febb3d9cfc1d79d2435129f9083797b65d6f
thunderbird-debuginfo-102.6.0-2.el9_1.ppc64le.rpm	SHA-256: 633bd7e3710a91032bb619aa551ddc695de526430f48e1454030f854f6e9971b
thunderbird-debugsource-102.6.0-2.el9_1.ppc64le.rpm	SHA-256: 6a828d8b2407a51bdc5ce60eb73a383040f457a3fab9d61f9da94c219ab25307

Red Hat Enterprise Linux for ARM 64 9

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
aarch64
thunderbird-102.6.0-2.el9_1.aarch64.rpm	SHA-256: b95e12a87abaafde50be54ab3ad58324bc72e798c35441feadcde4ada08048c6
thunderbird-debuginfo-102.6.0-2.el9_1.aarch64.rpm	SHA-256: 785761b6a03ee069ad34912dcce1407ca0466a31dd494d9c914d444e9fb65e95
thunderbird-debugsource-102.6.0-2.el9_1.aarch64.rpm	SHA-256: 4b4f353c05f3a976de2e2450f9745d2c12d5421f2ccafceae36696180908aa58

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
aarch64
thunderbird-102.6.0-2.el9_1.aarch64.rpm	SHA-256: b95e12a87abaafde50be54ab3ad58324bc72e798c35441feadcde4ada08048c6
thunderbird-debuginfo-102.6.0-2.el9_1.aarch64.rpm	SHA-256: 785761b6a03ee069ad34912dcce1407ca0466a31dd494d9c914d444e9fb65e95
thunderbird-debugsource-102.6.0-2.el9_1.aarch64.rpm	SHA-256: 4b4f353c05f3a976de2e2450f9745d2c12d5421f2ccafceae36696180908aa58

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
aarch64
thunderbird-102.6.0-2.el9_1.aarch64.rpm	SHA-256: b95e12a87abaafde50be54ab3ad58324bc72e798c35441feadcde4ada08048c6
thunderbird-debuginfo-102.6.0-2.el9_1.aarch64.rpm	SHA-256: 785761b6a03ee069ad34912dcce1407ca0466a31dd494d9c914d444e9fb65e95
thunderbird-debugsource-102.6.0-2.el9_1.aarch64.rpm	SHA-256: 4b4f353c05f3a976de2e2450f9745d2c12d5421f2ccafceae36696180908aa58

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
ppc64le
thunderbird-102.6.0-2.el9_1.ppc64le.rpm	SHA-256: cfd152e8c4beab31a19238017288febb3d9cfc1d79d2435129f9083797b65d6f
thunderbird-debuginfo-102.6.0-2.el9_1.ppc64le.rpm	SHA-256: 633bd7e3710a91032bb619aa551ddc695de526430f48e1454030f854f6e9971b
thunderbird-debugsource-102.6.0-2.el9_1.ppc64le.rpm	SHA-256: 6a828d8b2407a51bdc5ce60eb73a383040f457a3fab9d61f9da94c219ab25307

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
ppc64le
thunderbird-102.6.0-2.el9_1.ppc64le.rpm	SHA-256: cfd152e8c4beab31a19238017288febb3d9cfc1d79d2435129f9083797b65d6f
thunderbird-debuginfo-102.6.0-2.el9_1.ppc64le.rpm	SHA-256: 633bd7e3710a91032bb619aa551ddc695de526430f48e1454030f854f6e9971b
thunderbird-debugsource-102.6.0-2.el9_1.ppc64le.rpm	SHA-256: 6a828d8b2407a51bdc5ce60eb73a383040f457a3fab9d61f9da94c219ab25307

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
x86_64
thunderbird-102.6.0-2.el9_1.x86_64.rpm	SHA-256: 03ddd4ca588cfb05678a36e56b5385f968a215fdba67ebe63806445b4c7bf79c
thunderbird-debuginfo-102.6.0-2.el9_1.x86_64.rpm	SHA-256: 44a01e0f753fe77cf89e0340091e2ef770d313b686666772ec9966c7bafffc03
thunderbird-debugsource-102.6.0-2.el9_1.x86_64.rpm	SHA-256: fd08bfdf6ea926d69909aa3ff38199442b3dc74bfecf4c769b819179255d86de

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
x86_64
thunderbird-102.6.0-2.el9_1.x86_64.rpm	SHA-256: 03ddd4ca588cfb05678a36e56b5385f968a215fdba67ebe63806445b4c7bf79c
thunderbird-debuginfo-102.6.0-2.el9_1.x86_64.rpm	SHA-256: 44a01e0f753fe77cf89e0340091e2ef770d313b686666772ec9966c7bafffc03
thunderbird-debugsource-102.6.0-2.el9_1.x86_64.rpm	SHA-256: fd08bfdf6ea926d69909aa3ff38199442b3dc74bfecf4c769b819179255d86de

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
aarch64
thunderbird-102.6.0-2.el9_1.aarch64.rpm	SHA-256: b95e12a87abaafde50be54ab3ad58324bc72e798c35441feadcde4ada08048c6
thunderbird-debuginfo-102.6.0-2.el9_1.aarch64.rpm	SHA-256: 785761b6a03ee069ad34912dcce1407ca0466a31dd494d9c914d444e9fb65e95
thunderbird-debugsource-102.6.0-2.el9_1.aarch64.rpm	SHA-256: 4b4f353c05f3a976de2e2450f9745d2c12d5421f2ccafceae36696180908aa58

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
aarch64
thunderbird-102.6.0-2.el9_1.aarch64.rpm	SHA-256: b95e12a87abaafde50be54ab3ad58324bc72e798c35441feadcde4ada08048c6
thunderbird-debuginfo-102.6.0-2.el9_1.aarch64.rpm	SHA-256: 785761b6a03ee069ad34912dcce1407ca0466a31dd494d9c914d444e9fb65e95
thunderbird-debugsource-102.6.0-2.el9_1.aarch64.rpm	SHA-256: 4b4f353c05f3a976de2e2450f9745d2c12d5421f2ccafceae36696180908aa58

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
s390x
thunderbird-102.6.0-2.el9_1.s390x.rpm	SHA-256: e047ed4dd7c848a94c5c4e104ad0fa06934b31e4c14b0b869eb27de986f1472b
thunderbird-debuginfo-102.6.0-2.el9_1.s390x.rpm	SHA-256: 8206019b42e47c4827ae4a2562672e626acb04125d3bfd51570946e9198b58f3
thunderbird-debugsource-102.6.0-2.el9_1.s390x.rpm	SHA-256: 9a57fbe5f51cf7c1c57b0e3a391a6744c5c184d0e2fc02857dc29bf95f2af9bc

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
thunderbird-102.6.0-2.el9_1.src.rpm	SHA-256: ce940e3424bc8cc7e3bb4dd767da951266b60cc07980dc16fb0ea334c58cd94d
s390x
thunderbird-102.6.0-2.el9_1.s390x.rpm	SHA-256: e047ed4dd7c848a94c5c4e104ad0fa06934b31e4c14b0b869eb27de986f1472b
thunderbird-debuginfo-102.6.0-2.el9_1.s390x.rpm	SHA-256: 8206019b42e47c4827ae4a2562672e626acb04125d3bfd51570946e9198b58f3
thunderbird-debugsource-102.6.0-2.el9_1.s390x.rpm	SHA-256: 9a57fbe5f51cf7c1c57b0e3a391a6744c5c184d0e2fc02857dc29bf95f2af9bc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.