Red Hat Product Errata RHSA-2023:0461 - Security Advisory
Issued:
2023-01-25
Updated:
2023-01-25

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.7.1.

Security Fix(es):

  • Mozilla: libusrsctp library out of date (CVE-2022-46871)
  • Mozilla: Arbitrary file read from GTK drag and drop on Linux (CVE-2023-23598)
  • Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7 (CVE-2023-23605)
  • Mozilla: Malicious command could be hidden in devtools output (CVE-2023-23599)
  • Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation (CVE-2023-23601)
  • Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers (CVE-2023-23602)
  • Mozilla: Fullscreen notification bypass (CVE-2022-46877)
  • Mozilla: Calls to console.log allowed bypassing Content Security Policy via format directive (CVE-2023-23603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2162336 - CVE-2022-46871 Mozilla: libusrsctp library out of date
  • BZ - 2162338 - CVE-2023-23598 Mozilla: Arbitrary file read from GTK drag and drop on Linux
  • BZ - 2162339 - CVE-2023-23599 Mozilla: Malicious command could be hidden in devtools output
  • BZ - 2162340 - CVE-2023-23601 Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation
  • BZ - 2162341 - CVE-2023-23602 Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
  • BZ - 2162342 - CVE-2022-46877 Mozilla: Fullscreen notification bypass
  • BZ - 2162343 - CVE-2023-23603 Mozilla: Calls to console.log allowed bypassing Content Security Policy via format directive
  • BZ - 2162344 - CVE-2023-23605 Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7

CVEs

  • CVE-2022-46871
  • CVE-2022-46877
  • CVE-2023-23598
  • CVE-2023-23599
  • CVE-2023-23601
  • CVE-2023-23602
  • CVE-2023-23603
  • CVE-2023-23605

References

  • https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
thunderbird-102.7.1-1.el9_0.src.rpm SHA-256: 3aa82285ef2dc76f27dcd9885cfd2350523fe8b72f67ebf5023263012af90108
x86_64
thunderbird-102.7.1-1.el9_0.x86_64.rpm SHA-256: b6654108b577b9e2cf460745d0a9b6638fa537da2bdb571a61b1c7e227ef75af
thunderbird-debuginfo-102.7.1-1.el9_0.x86_64.rpm SHA-256: 349990e93730af3494cb713e5f3aff3db64d4a8d3e28a7699c2aef35832aaf46
thunderbird-debugsource-102.7.1-1.el9_0.x86_64.rpm SHA-256: a50e84464ca7496cf31507771d9c43d9952bf706119d3f4c24cdbba29e107930

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM
thunderbird-102.7.1-1.el9_0.src.rpm SHA-256: 3aa82285ef2dc76f27dcd9885cfd2350523fe8b72f67ebf5023263012af90108
s390x
thunderbird-102.7.1-1.el9_0.s390x.rpm SHA-256: fdcf04f50a9ce51a605cbc40f3499367f547850c46ae0557035647b8e8b212d3
thunderbird-debuginfo-102.7.1-1.el9_0.s390x.rpm SHA-256: 3b50b4eb0c20ec159596932a0c67e948de0ac8fe2125e9cc896430a79837a089
thunderbird-debugsource-102.7.1-1.el9_0.s390x.rpm SHA-256: a1c0d0603a4a4e5d93443a72bdf07b634b220d4acc720e795b9c89f0d3570da4

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
thunderbird-102.7.1-1.el9_0.src.rpm SHA-256: 3aa82285ef2dc76f27dcd9885cfd2350523fe8b72f67ebf5023263012af90108
ppc64le
thunderbird-102.7.1-1.el9_0.ppc64le.rpm SHA-256: c587cb1549be546313618da3f6e5ddcd123be00d68078301c434a6390ee148ed
thunderbird-debuginfo-102.7.1-1.el9_0.ppc64le.rpm SHA-256: e624c056bf417e87a7c6b98ea8212b3949f249ad761b2dbc744b292cb3ae1039
thunderbird-debugsource-102.7.1-1.el9_0.ppc64le.rpm SHA-256: abc1e90f02fd2c2c7dd25f0990038f2c6a809bad37619baa50149972bc52873b

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM
thunderbird-102.7.1-1.el9_0.src.rpm SHA-256: 3aa82285ef2dc76f27dcd9885cfd2350523fe8b72f67ebf5023263012af90108
aarch64
thunderbird-102.7.1-1.el9_0.aarch64.rpm SHA-256: c6b39f815e7590de271b44429393460c357e62093fe83c8291c8a3c2474917ec
thunderbird-debuginfo-102.7.1-1.el9_0.aarch64.rpm SHA-256: 39eddeba5b01812d98245f38d2a93873c3abd5f0d077a840784585af7b684f0b
thunderbird-debugsource-102.7.1-1.el9_0.aarch64.rpm SHA-256: 5bf894c39f1db04e71eae56647bb4eb4a1a74013934c9a2c2f39686e59ee8605

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
thunderbird-102.7.1-1.el9_0.src.rpm SHA-256: 3aa82285ef2dc76f27dcd9885cfd2350523fe8b72f67ebf5023263012af90108
ppc64le
thunderbird-102.7.1-1.el9_0.ppc64le.rpm SHA-256: c587cb1549be546313618da3f6e5ddcd123be00d68078301c434a6390ee148ed
thunderbird-debuginfo-102.7.1-1.el9_0.ppc64le.rpm SHA-256: e624c056bf417e87a7c6b98ea8212b3949f249ad761b2dbc744b292cb3ae1039
thunderbird-debugsource-102.7.1-1.el9_0.ppc64le.rpm SHA-256: abc1e90f02fd2c2c7dd25f0990038f2c6a809bad37619baa50149972bc52873b

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
thunderbird-102.7.1-1.el9_0.src.rpm SHA-256: 3aa82285ef2dc76f27dcd9885cfd2350523fe8b72f67ebf5023263012af90108
x86_64
thunderbird-102.7.1-1.el9_0.x86_64.rpm SHA-256: b6654108b577b9e2cf460745d0a9b6638fa537da2bdb571a61b1c7e227ef75af
thunderbird-debuginfo-102.7.1-1.el9_0.x86_64.rpm SHA-256: 349990e93730af3494cb713e5f3aff3db64d4a8d3e28a7699c2aef35832aaf46
thunderbird-debugsource-102.7.1-1.el9_0.x86_64.rpm SHA-256: a50e84464ca7496cf31507771d9c43d9952bf706119d3f4c24cdbba29e107930

Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0

SRPM
thunderbird-102.7.1-1.el9_0.src.rpm SHA-256: 3aa82285ef2dc76f27dcd9885cfd2350523fe8b72f67ebf5023263012af90108
aarch64
thunderbird-102.7.1-1.el9_0.aarch64.rpm SHA-256: c6b39f815e7590de271b44429393460c357e62093fe83c8291c8a3c2474917ec
thunderbird-debuginfo-102.7.1-1.el9_0.aarch64.rpm SHA-256: 39eddeba5b01812d98245f38d2a93873c3abd5f0d077a840784585af7b684f0b
thunderbird-debugsource-102.7.1-1.el9_0.aarch64.rpm SHA-256: 5bf894c39f1db04e71eae56647bb4eb4a1a74013934c9a2c2f39686e59ee8605

Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0

SRPM
thunderbird-102.7.1-1.el9_0.src.rpm SHA-256: 3aa82285ef2dc76f27dcd9885cfd2350523fe8b72f67ebf5023263012af90108
s390x
thunderbird-102.7.1-1.el9_0.s390x.rpm SHA-256: fdcf04f50a9ce51a605cbc40f3499367f547850c46ae0557035647b8e8b212d3
thunderbird-debuginfo-102.7.1-1.el9_0.s390x.rpm SHA-256: 3b50b4eb0c20ec159596932a0c67e948de0ac8fe2125e9cc896430a79837a089
thunderbird-debugsource-102.7.1-1.el9_0.s390x.rpm SHA-256: a1c0d0603a4a4e5d93443a72bdf07b634b220d4acc720e795b9c89f0d3570da4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
