Red Hat Product Errata RHSA-2023:3221 - Security Advisory
Issued:
2023-05-18
Updated:
2023-05-18

RHSA-2023:3221 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.11.0.

Security Fix(es):

  • Mozilla: Browser prompts could have been obscured by popups (CVE-2023-32205)
  • Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)
  • Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-32207)
  • Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 (CVE-2023-32215)
  • Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)
  • Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)
  • Mozilla: Potential memory corruption in FileReader::DoReadData() (CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups
  • BZ - 2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver
  • BZ - 2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking
  • BZ - 2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code
  • BZ - 2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar
  • BZ - 2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()
  • BZ - 2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

Red Hat Enterprise Linux for x86_64 8

SRPM
thunderbird-102.11.0-1.el8_7.src.rpm SHA-256: bad6c8f7ad85e37e9305ee34d085df612dca88974b727be57a9147dd95878716
x86_64
thunderbird-102.11.0-1.el8_7.x86_64.rpm SHA-256: 865ff4a345fba124efab288e4300d2f8cbea33dd3c9f000f112ff190a0b55c76
thunderbird-debuginfo-102.11.0-1.el8_7.x86_64.rpm SHA-256: cd30136b72cd12c7c56c624cdc0a90cbe73b769087138ea6fc92eca3c0091481
thunderbird-debugsource-102.11.0-1.el8_7.x86_64.rpm SHA-256: af07bcc2cc18dff3798ab27f48292466213a5af208b4eed71f538868a9b9ee44

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
thunderbird-102.11.0-1.el8_7.src.rpm SHA-256: bad6c8f7ad85e37e9305ee34d085df612dca88974b727be57a9147dd95878716
x86_64
thunderbird-102.11.0-1.el8_7.x86_64.rpm SHA-256: 865ff4a345fba124efab288e4300d2f8cbea33dd3c9f000f112ff190a0b55c76
thunderbird-debuginfo-102.11.0-1.el8_7.x86_64.rpm SHA-256: cd30136b72cd12c7c56c624cdc0a90cbe73b769087138ea6fc92eca3c0091481
thunderbird-debugsource-102.11.0-1.el8_7.x86_64.rpm SHA-256: af07bcc2cc18dff3798ab27f48292466213a5af208b4eed71f538868a9b9ee44

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
thunderbird-102.11.0-1.el8_7.src.rpm SHA-256: bad6c8f7ad85e37e9305ee34d085df612dca88974b727be57a9147dd95878716
x86_64
thunderbird-102.11.0-1.el8_7.x86_64.rpm SHA-256: 865ff4a345fba124efab288e4300d2f8cbea33dd3c9f000f112ff190a0b55c76
thunderbird-debuginfo-102.11.0-1.el8_7.x86_64.rpm SHA-256: cd30136b72cd12c7c56c624cdc0a90cbe73b769087138ea6fc92eca3c0091481
thunderbird-debugsource-102.11.0-1.el8_7.x86_64.rpm SHA-256: af07bcc2cc18dff3798ab27f48292466213a5af208b4eed71f538868a9b9ee44

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
thunderbird-102.11.0-1.el8_7.src.rpm SHA-256: bad6c8f7ad85e37e9305ee34d085df612dca88974b727be57a9147dd95878716
s390x
thunderbird-102.11.0-1.el8_7.s390x.rpm SHA-256: 1ed5f1fb7bdf43dbf04841e5ff91fe100413c8dafae98cc13c4f4e03600a9410
thunderbird-debuginfo-102.11.0-1.el8_7.s390x.rpm SHA-256: dc23b840145abf4aa174df04f80033448dfb40d67e48b6f44f03255c9ff14150
thunderbird-debugsource-102.11.0-1.el8_7.s390x.rpm SHA-256: ab8dfe2327c80d5651202680d9bc28bb05ac72e4d7b8f1e7306906bf8caaffa1

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
thunderbird-102.11.0-1.el8_7.src.rpm SHA-256: bad6c8f7ad85e37e9305ee34d085df612dca88974b727be57a9147dd95878716
s390x
thunderbird-102.11.0-1.el8_7.s390x.rpm SHA-256: 1ed5f1fb7bdf43dbf04841e5ff91fe100413c8dafae98cc13c4f4e03600a9410
thunderbird-debuginfo-102.11.0-1.el8_7.s390x.rpm SHA-256: dc23b840145abf4aa174df04f80033448dfb40d67e48b6f44f03255c9ff14150
thunderbird-debugsource-102.11.0-1.el8_7.s390x.rpm SHA-256: ab8dfe2327c80d5651202680d9bc28bb05ac72e4d7b8f1e7306906bf8caaffa1

Red Hat Enterprise Linux for Power, little endian 8

SRPM
thunderbird-102.11.0-1.el8_7.src.rpm SHA-256: bad6c8f7ad85e37e9305ee34d085df612dca88974b727be57a9147dd95878716
ppc64le
thunderbird-102.11.0-1.el8_7.ppc64le.rpm SHA-256: 16a1b6caf1d89ad4d57dc5a759b18f01b8e9dd61905315bc28ab8c785fd51738
thunderbird-debuginfo-102.11.0-1.el8_7.ppc64le.rpm SHA-256: d7fb33e29b042cd20295c3ef46c382b968279e6fad29e6c4d11386cafb1c2078
thunderbird-debugsource-102.11.0-1.el8_7.ppc64le.rpm SHA-256: 77d15260a069ceb625c6feb3ea3f750030cb215508c3c9af4adb457dc7009ac2

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
thunderbird-102.11.0-1.el8_7.src.rpm SHA-256: bad6c8f7ad85e37e9305ee34d085df612dca88974b727be57a9147dd95878716
ppc64le
thunderbird-102.11.0-1.el8_7.ppc64le.rpm SHA-256: 16a1b6caf1d89ad4d57dc5a759b18f01b8e9dd61905315bc28ab8c785fd51738
thunderbird-debuginfo-102.11.0-1.el8_7.ppc64le.rpm SHA-256: d7fb33e29b042cd20295c3ef46c382b968279e6fad29e6c4d11386cafb1c2078
thunderbird-debugsource-102.11.0-1.el8_7.ppc64le.rpm SHA-256: 77d15260a069ceb625c6feb3ea3f750030cb215508c3c9af4adb457dc7009ac2

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
thunderbird-102.11.0-1.el8_7.src.rpm SHA-256: bad6c8f7ad85e37e9305ee34d085df612dca88974b727be57a9147dd95878716
x86_64
thunderbird-102.11.0-1.el8_7.x86_64.rpm SHA-256: 865ff4a345fba124efab288e4300d2f8cbea33dd3c9f000f112ff190a0b55c76
thunderbird-debuginfo-102.11.0-1.el8_7.x86_64.rpm SHA-256: cd30136b72cd12c7c56c624cdc0a90cbe73b769087138ea6fc92eca3c0091481
thunderbird-debugsource-102.11.0-1.el8_7.x86_64.rpm SHA-256: af07bcc2cc18dff3798ab27f48292466213a5af208b4eed71f538868a9b9ee44

Red Hat Enterprise Linux for ARM 64 8

SRPM
thunderbird-102.11.0-1.el8_7.src.rpm SHA-256: bad6c8f7ad85e37e9305ee34d085df612dca88974b727be57a9147dd95878716
aarch64
thunderbird-102.11.0-1.el8_7.aarch64.rpm SHA-256: 5130c9c6e2aaa0f73b72787978b10f83eaf77d6bc3a4607210eec2d4f58f04ec
thunderbird-debuginfo-102.11.0-1.el8_7.aarch64.rpm SHA-256: 63e06279c9930dd846f3489540161755d99e0006580989880b0454817bb1f555
thunderbird-debugsource-102.11.0-1.el8_7.aarch64.rpm SHA-256: cc262dde7503e4f9276ce14270ad463e904b663549f41336f5c92f7ba3e1a853

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
thunderbird-102.11.0-1.el8_7.src.rpm SHA-256: bad6c8f7ad85e37e9305ee34d085df612dca88974b727be57a9147dd95878716
aarch64
thunderbird-102.11.0-1.el8_7.aarch64.rpm SHA-256: 5130c9c6e2aaa0f73b72787978b10f83eaf77d6bc3a4607210eec2d4f58f04ec
thunderbird-debuginfo-102.11.0-1.el8_7.aarch64.rpm SHA-256: 63e06279c9930dd846f3489540161755d99e0006580989880b0454817bb1f555
thunderbird-debugsource-102.11.0-1.el8_7.aarch64.rpm SHA-256: cc262dde7503e4f9276ce14270ad463e904b663549f41336f5c92f7ba3e1a853

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
thunderbird-102.11.0-1.el8_7.src.rpm SHA-256: bad6c8f7ad85e37e9305ee34d085df612dca88974b727be57a9147dd95878716
ppc64le
thunderbird-102.11.0-1.el8_7.ppc64le.rpm SHA-256: 16a1b6caf1d89ad4d57dc5a759b18f01b8e9dd61905315bc28ab8c785fd51738
thunderbird-debuginfo-102.11.0-1.el8_7.ppc64le.rpm SHA-256: d7fb33e29b042cd20295c3ef46c382b968279e6fad29e6c4d11386cafb1c2078
thunderbird-debugsource-102.11.0-1.el8_7.ppc64le.rpm SHA-256: 77d15260a069ceb625c6feb3ea3f750030cb215508c3c9af4adb457dc7009ac2

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
thunderbird-102.11.0-1.el8_7.src.rpm SHA-256: bad6c8f7ad85e37e9305ee34d085df612dca88974b727be57a9147dd95878716
x86_64
thunderbird-102.11.0-1.el8_7.x86_64.rpm SHA-256: 865ff4a345fba124efab288e4300d2f8cbea33dd3c9f000f112ff190a0b55c76
thunderbird-debuginfo-102.11.0-1.el8_7.x86_64.rpm SHA-256: cd30136b72cd12c7c56c624cdc0a90cbe73b769087138ea6fc92eca3c0091481
thunderbird-debugsource-102.11.0-1.el8_7.x86_64.rpm SHA-256: af07bcc2cc18dff3798ab27f48292466213a5af208b4eed71f538868a9b9ee44

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.