Red Hat Product Errata RHSA-2022:9081 - Security Advisory
Issued:
2022-12-15
Updated:
2022-12-15

RHSA-2022:9081 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.6.0.

Security Fix(es):

  • Mozilla: Arbitrary file read from a compromised content process (CVE-2022-46872)
  • Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 (CVE-2022-46878)
  • Mozilla: Use-after-free in WebGL (CVE-2022-46880)
  • Mozilla: Memory corruption in WebGL (CVE-2022-46881)
  • Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content (CVE-2022-45414)
  • Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions (CVE-2022-46874)
  • Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2149868 - CVE-2022-45414 Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content
  • BZ - 2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process
  • BZ - 2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions
  • BZ - 2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6
  • BZ - 2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL
  • BZ - 2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL
  • BZ - 2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
thunderbird-102.6.0-2.el9_0.src.rpm SHA-256: 47340f8d90e1a6fec1efa61673daab06169aff26d70e73018b54d2a7052c834f
x86_64
thunderbird-102.6.0-2.el9_0.x86_64.rpm SHA-256: c7bb2dc34e082a83efbff45e5aa1b6670bb8ec350d900c7c123d44e47d532b18
thunderbird-debuginfo-102.6.0-2.el9_0.x86_64.rpm SHA-256: fc5e29f5d5cf4b50e7e724fbb84deb7c4da28ab3549a6c3d0d1263698133d246
thunderbird-debugsource-102.6.0-2.el9_0.x86_64.rpm SHA-256: 061bedb8cd4bd701aa053d551f11d3b41a9bde132f7533c076307cf5dc7a7c75

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM
thunderbird-102.6.0-2.el9_0.src.rpm SHA-256: 47340f8d90e1a6fec1efa61673daab06169aff26d70e73018b54d2a7052c834f
s390x
thunderbird-102.6.0-2.el9_0.s390x.rpm SHA-256: 65df050a091a7a9b5385fed4dc0c304d436c7987da1d2c03b8e9abb0e6669fca
thunderbird-debuginfo-102.6.0-2.el9_0.s390x.rpm SHA-256: 55e54422d0683caf10eae93c6276cda090c0efafeb2ae92b5e22a5f6407ccd5c
thunderbird-debugsource-102.6.0-2.el9_0.s390x.rpm SHA-256: e2692476fb125ce243184018869dbafc831b64df454f4e7d43e4642139478f64

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
thunderbird-102.6.0-2.el9_0.src.rpm SHA-256: 47340f8d90e1a6fec1efa61673daab06169aff26d70e73018b54d2a7052c834f
ppc64le
thunderbird-102.6.0-2.el9_0.ppc64le.rpm SHA-256: 9781676924454f6253a3046961cc2a3d7b479a006b8c794bc134dbc0a574c385
thunderbird-debuginfo-102.6.0-2.el9_0.ppc64le.rpm SHA-256: f38c9a128d3ef1b2b25d479c35b454e722b0cb996c02f39f9dfdafecb3e79fac
thunderbird-debugsource-102.6.0-2.el9_0.ppc64le.rpm SHA-256: 6880901039d1863f5e677a87232aa0072fbb0b075f6ccc19819e233adbc47207

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM
thunderbird-102.6.0-2.el9_0.src.rpm SHA-256: 47340f8d90e1a6fec1efa61673daab06169aff26d70e73018b54d2a7052c834f
aarch64
thunderbird-102.6.0-2.el9_0.aarch64.rpm SHA-256: fbe5b30d80930fcad1e5ad870244f1fc7013cbe0e27018ec82d141caccc5eba2
thunderbird-debuginfo-102.6.0-2.el9_0.aarch64.rpm SHA-256: 57412b7a50e87ba110d62d49e50a26f7f66545c1d4017671fce38e9cd43efd92
thunderbird-debugsource-102.6.0-2.el9_0.aarch64.rpm SHA-256: ed9e5d76ae8a4bc062f1a3fabde97bbfb9d3f9eefc044fc313dffb88f9852878

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
thunderbird-102.6.0-2.el9_0.src.rpm SHA-256: 47340f8d90e1a6fec1efa61673daab06169aff26d70e73018b54d2a7052c834f
ppc64le
thunderbird-102.6.0-2.el9_0.ppc64le.rpm SHA-256: 9781676924454f6253a3046961cc2a3d7b479a006b8c794bc134dbc0a574c385
thunderbird-debuginfo-102.6.0-2.el9_0.ppc64le.rpm SHA-256: f38c9a128d3ef1b2b25d479c35b454e722b0cb996c02f39f9dfdafecb3e79fac
thunderbird-debugsource-102.6.0-2.el9_0.ppc64le.rpm SHA-256: 6880901039d1863f5e677a87232aa0072fbb0b075f6ccc19819e233adbc47207

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
thunderbird-102.6.0-2.el9_0.src.rpm SHA-256: 47340f8d90e1a6fec1efa61673daab06169aff26d70e73018b54d2a7052c834f
x86_64
thunderbird-102.6.0-2.el9_0.x86_64.rpm SHA-256: c7bb2dc34e082a83efbff45e5aa1b6670bb8ec350d900c7c123d44e47d532b18
thunderbird-debuginfo-102.6.0-2.el9_0.x86_64.rpm SHA-256: fc5e29f5d5cf4b50e7e724fbb84deb7c4da28ab3549a6c3d0d1263698133d246
thunderbird-debugsource-102.6.0-2.el9_0.x86_64.rpm SHA-256: 061bedb8cd4bd701aa053d551f11d3b41a9bde132f7533c076307cf5dc7a7c75

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
thunderbird-102.6.0-2.el9_0.src.rpm SHA-256: 47340f8d90e1a6fec1efa61673daab06169aff26d70e73018b54d2a7052c834f
aarch64
thunderbird-102.6.0-2.el9_0.aarch64.rpm SHA-256: fbe5b30d80930fcad1e5ad870244f1fc7013cbe0e27018ec82d141caccc5eba2
thunderbird-debuginfo-102.6.0-2.el9_0.aarch64.rpm SHA-256: 57412b7a50e87ba110d62d49e50a26f7f66545c1d4017671fce38e9cd43efd92
thunderbird-debugsource-102.6.0-2.el9_0.aarch64.rpm SHA-256: ed9e5d76ae8a4bc062f1a3fabde97bbfb9d3f9eefc044fc313dffb88f9852878

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
thunderbird-102.6.0-2.el9_0.src.rpm SHA-256: 47340f8d90e1a6fec1efa61673daab06169aff26d70e73018b54d2a7052c834f
s390x
thunderbird-102.6.0-2.el9_0.s390x.rpm SHA-256: 65df050a091a7a9b5385fed4dc0c304d436c7987da1d2c03b8e9abb0e6669fca
thunderbird-debuginfo-102.6.0-2.el9_0.s390x.rpm SHA-256: 55e54422d0683caf10eae93c6276cda090c0efafeb2ae92b5e22a5f6407ccd5c
thunderbird-debugsource-102.6.0-2.el9_0.s390x.rpm SHA-256: e2692476fb125ce243184018869dbafc831b64df454f4e7d43e4642139478f64

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.