Red Hat Product Errata RHSA-2023:7501 - Security Advisory
Issued:
2023-11-27
Updated:
2023-11-27

RHSA-2023:7501 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.5.0.

Security Fix(es):

  • Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)
  • Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)
  • Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)
  • Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)
  • Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)
  • Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)
  • Mozilla: Incorrect parsing of relative URLs starting with "///" (CVE-2023-6209)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

  • BZ - 2250896 - CVE-2023-6204 Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer
  • BZ - 2250897 - CVE-2023-6205 Mozilla: Use-after-free in MessagePort::Entangled
  • BZ - 2250898 - CVE-2023-6206 Mozilla: Clickjacking permission prompts using the fullscreen transition
  • BZ - 2250899 - CVE-2023-6207 Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer
  • BZ - 2250900 - CVE-2023-6208 Mozilla: Using Selection API would copy contents into X11 primary selection.
  • BZ - 2250901 - CVE-2023-6209 Mozilla: Incorrect parsing of relative URLs starting with "///"
  • BZ - 2250902 - CVE-2023-6212 Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5

Red Hat Enterprise Linux for x86_64 9

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
x86_64
thunderbird-115.5.0-1.el9_3.x86_64.rpm SHA-256: 93e76cec7ad82ddeb008e85e23b7c0f3bf6b6a8a16014ee89490ea030d55510d
thunderbird-debuginfo-115.5.0-1.el9_3.x86_64.rpm SHA-256: c833149670f463ab34a17ce470ded3a47b890656ed026b9788d7a7fa2f7fcf61
thunderbird-debugsource-115.5.0-1.el9_3.x86_64.rpm SHA-256: 3c8056df26ae8b87911ead69298d307921ce7d1414926f7b2a901c899c855f16

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
x86_64
thunderbird-115.5.0-1.el9_3.x86_64.rpm SHA-256: 93e76cec7ad82ddeb008e85e23b7c0f3bf6b6a8a16014ee89490ea030d55510d
thunderbird-debuginfo-115.5.0-1.el9_3.x86_64.rpm SHA-256: c833149670f463ab34a17ce470ded3a47b890656ed026b9788d7a7fa2f7fcf61
thunderbird-debugsource-115.5.0-1.el9_3.x86_64.rpm SHA-256: 3c8056df26ae8b87911ead69298d307921ce7d1414926f7b2a901c899c855f16

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
x86_64
thunderbird-115.5.0-1.el9_3.x86_64.rpm SHA-256: 93e76cec7ad82ddeb008e85e23b7c0f3bf6b6a8a16014ee89490ea030d55510d
thunderbird-debuginfo-115.5.0-1.el9_3.x86_64.rpm SHA-256: c833149670f463ab34a17ce470ded3a47b890656ed026b9788d7a7fa2f7fcf61
thunderbird-debugsource-115.5.0-1.el9_3.x86_64.rpm SHA-256: 3c8056df26ae8b87911ead69298d307921ce7d1414926f7b2a901c899c855f16

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
x86_64
thunderbird-115.5.0-1.el9_3.x86_64.rpm SHA-256: 93e76cec7ad82ddeb008e85e23b7c0f3bf6b6a8a16014ee89490ea030d55510d
thunderbird-debuginfo-115.5.0-1.el9_3.x86_64.rpm SHA-256: c833149670f463ab34a17ce470ded3a47b890656ed026b9788d7a7fa2f7fcf61
thunderbird-debugsource-115.5.0-1.el9_3.x86_64.rpm SHA-256: 3c8056df26ae8b87911ead69298d307921ce7d1414926f7b2a901c899c855f16

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
x86_64
thunderbird-115.5.0-1.el9_3.x86_64.rpm SHA-256: 93e76cec7ad82ddeb008e85e23b7c0f3bf6b6a8a16014ee89490ea030d55510d
thunderbird-debuginfo-115.5.0-1.el9_3.x86_64.rpm SHA-256: c833149670f463ab34a17ce470ded3a47b890656ed026b9788d7a7fa2f7fcf61
thunderbird-debugsource-115.5.0-1.el9_3.x86_64.rpm SHA-256: 3c8056df26ae8b87911ead69298d307921ce7d1414926f7b2a901c899c855f16

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
s390x
thunderbird-115.5.0-1.el9_3.s390x.rpm SHA-256: 3b0292aaa6c4f92df015cee499ae30c111183123335cf03f3e4f66a9913d9405
thunderbird-debuginfo-115.5.0-1.el9_3.s390x.rpm SHA-256: 6a31525f73742aeb7e19b71e507a563802d532558006ca731484ccfc167f4336
thunderbird-debugsource-115.5.0-1.el9_3.s390x.rpm SHA-256: 5e79cf7a27749a34d42e159329600471248a977f0262da9443c7c1372437ce59

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
s390x
thunderbird-115.5.0-1.el9_3.s390x.rpm SHA-256: 3b0292aaa6c4f92df015cee499ae30c111183123335cf03f3e4f66a9913d9405
thunderbird-debuginfo-115.5.0-1.el9_3.s390x.rpm SHA-256: 6a31525f73742aeb7e19b71e507a563802d532558006ca731484ccfc167f4336
thunderbird-debugsource-115.5.0-1.el9_3.s390x.rpm SHA-256: 5e79cf7a27749a34d42e159329600471248a977f0262da9443c7c1372437ce59

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
s390x
thunderbird-115.5.0-1.el9_3.s390x.rpm SHA-256: 3b0292aaa6c4f92df015cee499ae30c111183123335cf03f3e4f66a9913d9405
thunderbird-debuginfo-115.5.0-1.el9_3.s390x.rpm SHA-256: 6a31525f73742aeb7e19b71e507a563802d532558006ca731484ccfc167f4336
thunderbird-debugsource-115.5.0-1.el9_3.s390x.rpm SHA-256: 5e79cf7a27749a34d42e159329600471248a977f0262da9443c7c1372437ce59

Red Hat Enterprise Linux for Power, little endian 9

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
ppc64le
thunderbird-115.5.0-1.el9_3.ppc64le.rpm SHA-256: 58edab67608f11206c5e503979aee95d43bad56ae6a0bd815cd1ca8a192c374a
thunderbird-debuginfo-115.5.0-1.el9_3.ppc64le.rpm SHA-256: b8a700b448b3b7e802607c7acbf6302a7ccab77b95132dc8f427cabdd47f6c0e
thunderbird-debugsource-115.5.0-1.el9_3.ppc64le.rpm SHA-256: 28992c1ff5be283eff3e6866be648d12259fe1ce15a0fc371db95b967bb6fc4a

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
ppc64le
thunderbird-115.5.0-1.el9_3.ppc64le.rpm SHA-256: 58edab67608f11206c5e503979aee95d43bad56ae6a0bd815cd1ca8a192c374a
thunderbird-debuginfo-115.5.0-1.el9_3.ppc64le.rpm SHA-256: b8a700b448b3b7e802607c7acbf6302a7ccab77b95132dc8f427cabdd47f6c0e
thunderbird-debugsource-115.5.0-1.el9_3.ppc64le.rpm SHA-256: 28992c1ff5be283eff3e6866be648d12259fe1ce15a0fc371db95b967bb6fc4a

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
ppc64le
thunderbird-115.5.0-1.el9_3.ppc64le.rpm SHA-256: 58edab67608f11206c5e503979aee95d43bad56ae6a0bd815cd1ca8a192c374a
thunderbird-debuginfo-115.5.0-1.el9_3.ppc64le.rpm SHA-256: b8a700b448b3b7e802607c7acbf6302a7ccab77b95132dc8f427cabdd47f6c0e
thunderbird-debugsource-115.5.0-1.el9_3.ppc64le.rpm SHA-256: 28992c1ff5be283eff3e6866be648d12259fe1ce15a0fc371db95b967bb6fc4a

Red Hat Enterprise Linux for ARM 64 9

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
aarch64
thunderbird-115.5.0-1.el9_3.aarch64.rpm SHA-256: bd75de2b291cb5074de3284bdf04ef9119c514d4f176face24dc9f173eb18b9d
thunderbird-debuginfo-115.5.0-1.el9_3.aarch64.rpm SHA-256: c3f0ad6d194850bbac49f5f6da9a675af54e16d83bd59d60764d8dfc48760e6b
thunderbird-debugsource-115.5.0-1.el9_3.aarch64.rpm SHA-256: 5e3986469377d97f5a51e3d59c8898ee75f5a027e38a09d9d6dc4ced2a0a01af

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
aarch64
thunderbird-115.5.0-1.el9_3.aarch64.rpm SHA-256: bd75de2b291cb5074de3284bdf04ef9119c514d4f176face24dc9f173eb18b9d
thunderbird-debuginfo-115.5.0-1.el9_3.aarch64.rpm SHA-256: c3f0ad6d194850bbac49f5f6da9a675af54e16d83bd59d60764d8dfc48760e6b
thunderbird-debugsource-115.5.0-1.el9_3.aarch64.rpm SHA-256: 5e3986469377d97f5a51e3d59c8898ee75f5a027e38a09d9d6dc4ced2a0a01af

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
aarch64
thunderbird-115.5.0-1.el9_3.aarch64.rpm SHA-256: bd75de2b291cb5074de3284bdf04ef9119c514d4f176face24dc9f173eb18b9d
thunderbird-debuginfo-115.5.0-1.el9_3.aarch64.rpm SHA-256: c3f0ad6d194850bbac49f5f6da9a675af54e16d83bd59d60764d8dfc48760e6b
thunderbird-debugsource-115.5.0-1.el9_3.aarch64.rpm SHA-256: 5e3986469377d97f5a51e3d59c8898ee75f5a027e38a09d9d6dc4ced2a0a01af

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
ppc64le
thunderbird-115.5.0-1.el9_3.ppc64le.rpm SHA-256: 58edab67608f11206c5e503979aee95d43bad56ae6a0bd815cd1ca8a192c374a
thunderbird-debuginfo-115.5.0-1.el9_3.ppc64le.rpm SHA-256: b8a700b448b3b7e802607c7acbf6302a7ccab77b95132dc8f427cabdd47f6c0e
thunderbird-debugsource-115.5.0-1.el9_3.ppc64le.rpm SHA-256: 28992c1ff5be283eff3e6866be648d12259fe1ce15a0fc371db95b967bb6fc4a

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
ppc64le
thunderbird-115.5.0-1.el9_3.ppc64le.rpm SHA-256: 58edab67608f11206c5e503979aee95d43bad56ae6a0bd815cd1ca8a192c374a
thunderbird-debuginfo-115.5.0-1.el9_3.ppc64le.rpm SHA-256: b8a700b448b3b7e802607c7acbf6302a7ccab77b95132dc8f427cabdd47f6c0e
thunderbird-debugsource-115.5.0-1.el9_3.ppc64le.rpm SHA-256: 28992c1ff5be283eff3e6866be648d12259fe1ce15a0fc371db95b967bb6fc4a

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
x86_64
thunderbird-115.5.0-1.el9_3.x86_64.rpm SHA-256: 93e76cec7ad82ddeb008e85e23b7c0f3bf6b6a8a16014ee89490ea030d55510d
thunderbird-debuginfo-115.5.0-1.el9_3.x86_64.rpm SHA-256: c833149670f463ab34a17ce470ded3a47b890656ed026b9788d7a7fa2f7fcf61
thunderbird-debugsource-115.5.0-1.el9_3.x86_64.rpm SHA-256: 3c8056df26ae8b87911ead69298d307921ce7d1414926f7b2a901c899c855f16

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
x86_64
thunderbird-115.5.0-1.el9_3.x86_64.rpm SHA-256: 93e76cec7ad82ddeb008e85e23b7c0f3bf6b6a8a16014ee89490ea030d55510d
thunderbird-debuginfo-115.5.0-1.el9_3.x86_64.rpm SHA-256: c833149670f463ab34a17ce470ded3a47b890656ed026b9788d7a7fa2f7fcf61
thunderbird-debugsource-115.5.0-1.el9_3.x86_64.rpm SHA-256: 3c8056df26ae8b87911ead69298d307921ce7d1414926f7b2a901c899c855f16

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
aarch64
thunderbird-115.5.0-1.el9_3.aarch64.rpm SHA-256: bd75de2b291cb5074de3284bdf04ef9119c514d4f176face24dc9f173eb18b9d
thunderbird-debuginfo-115.5.0-1.el9_3.aarch64.rpm SHA-256: c3f0ad6d194850bbac49f5f6da9a675af54e16d83bd59d60764d8dfc48760e6b
thunderbird-debugsource-115.5.0-1.el9_3.aarch64.rpm SHA-256: 5e3986469377d97f5a51e3d59c8898ee75f5a027e38a09d9d6dc4ced2a0a01af

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
aarch64
thunderbird-115.5.0-1.el9_3.aarch64.rpm SHA-256: bd75de2b291cb5074de3284bdf04ef9119c514d4f176face24dc9f173eb18b9d
thunderbird-debuginfo-115.5.0-1.el9_3.aarch64.rpm SHA-256: c3f0ad6d194850bbac49f5f6da9a675af54e16d83bd59d60764d8dfc48760e6b
thunderbird-debugsource-115.5.0-1.el9_3.aarch64.rpm SHA-256: 5e3986469377d97f5a51e3d59c8898ee75f5a027e38a09d9d6dc4ced2a0a01af

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
s390x
thunderbird-115.5.0-1.el9_3.s390x.rpm SHA-256: 3b0292aaa6c4f92df015cee499ae30c111183123335cf03f3e4f66a9913d9405
thunderbird-debuginfo-115.5.0-1.el9_3.s390x.rpm SHA-256: 6a31525f73742aeb7e19b71e507a563802d532558006ca731484ccfc167f4336
thunderbird-debugsource-115.5.0-1.el9_3.s390x.rpm SHA-256: 5e79cf7a27749a34d42e159329600471248a977f0262da9443c7c1372437ce59

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
thunderbird-115.5.0-1.el9_3.src.rpm SHA-256: 7aeb86b4eb118f3089ebc129ebab51bfede5e8595dcc236ab32343019ad40b39
s390x
thunderbird-115.5.0-1.el9_3.s390x.rpm SHA-256: 3b0292aaa6c4f92df015cee499ae30c111183123335cf03f3e4f66a9913d9405
thunderbird-debuginfo-115.5.0-1.el9_3.s390x.rpm SHA-256: 6a31525f73742aeb7e19b71e507a563802d532558006ca731484ccfc167f4336
thunderbird-debugsource-115.5.0-1.el9_3.s390x.rpm SHA-256: 5e79cf7a27749a34d42e159329600471248a977f0262da9443c7c1372437ce59

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.