Red Hat Product Errata RHSA-2023:0476 - Security Advisory
Issued: 2023-01-26
Updated: 2023-01-26


Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.7.1.

Security Fix(es):

  • Mozilla: libusrsctp library out of date (CVE-2022-46871)
  • Mozilla: Arbitrary file read from GTK drag and drop on Linux (CVE-2023-23598)
  • Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7 (CVE-2023-23605)
  • Mozilla: Malicious command could be hidden in devtools output (CVE-2023-23599)
  • Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation (CVE-2023-23601)
  • Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers (CVE-2023-23602)
  • Mozilla: Fullscreen notification bypass (CVE-2022-46877)
  • Mozilla: Calls to console.log allowed bypassing Content Security Policy via format directive (CVE-2023-23603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

  • BZ - 2162336 - CVE-2022-46871 Mozilla: libusrsctp library out of date
  • BZ - 2162338 - CVE-2023-23598 Mozilla: Arbitrary file read from GTK drag and drop on Linux
  • BZ - 2162339 - CVE-2023-23599 Mozilla: Malicious command could be hidden in devtools output
  • BZ - 2162340 - CVE-2023-23601 Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation
  • BZ - 2162341 - CVE-2023-23602 Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
  • BZ - 2162342 - CVE-2022-46877 Mozilla: Fullscreen notification bypass
  • BZ - 2162343 - CVE-2023-23603 Mozilla: Calls to console.log allowed bypassing Content Security Policy via format directive
  • BZ - 2162344 - CVE-2023-23605 Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7

CVEs

  • CVE-2022-46871
  • CVE-2022-46877
  • CVE-2023-23598
  • CVE-2023-23599
  • CVE-2023-23601
  • CVE-2023-23602
  • CVE-2023-23603
  • CVE-2023-23605

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.


The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
