Issued:: 2024-01-30
Updated:: 2024-01-30

RHSA-2024:0602 - Security Advisory

Overview
Updated Packages

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.7.0.

Security Fix(es):

Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
Mozilla: Failure to update user input timestamp (CVE-2024-0742)
Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
Mozilla: Privilege escalation through devtools (CVE-2024-0751)
Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.6 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

BZ - 2259926 - CVE-2024-0741 Mozilla: Out of bounds write in ANGLE
BZ - 2259927 - CVE-2024-0742 Mozilla: Failure to update user input timestamp
BZ - 2259928 - CVE-2024-0746 Mozilla: Crash when listing printers on Linux
BZ - 2259929 - CVE-2024-0747 Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set
BZ - 2259930 - CVE-2024-0749 Mozilla: Phishing site popup could show local origin in address bar
BZ - 2259931 - CVE-2024-0750 Mozilla: Potential permissions request bypass via clickjacking
BZ - 2259932 - CVE-2024-0751 Mozilla: Privilege escalation through devtools
BZ - 2259933 - CVE-2024-0753 Mozilla: HSTS policy on subdomain could bypass policy of upper domain
BZ - 2259934 - CVE-2024-0755 Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
x86_64
thunderbird-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 06bf4904c5a4ec6a1c7bbd459c3582162ae28941c49b956b41a977483af62267
thunderbird-debuginfo-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 68a422a395cc047607f546dc549925ece2681bcf3efb7bd8825403ac0ff126cc
thunderbird-debugsource-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 5488f19d01128ff92b4a23d236b72cb3a4d15f202f5ae8c3f5997f4db64fb5c0

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
x86_64
thunderbird-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 06bf4904c5a4ec6a1c7bbd459c3582162ae28941c49b956b41a977483af62267
thunderbird-debuginfo-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 68a422a395cc047607f546dc549925ece2681bcf3efb7bd8825403ac0ff126cc
thunderbird-debugsource-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 5488f19d01128ff92b4a23d236b72cb3a4d15f202f5ae8c3f5997f4db64fb5c0

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
x86_64
thunderbird-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 06bf4904c5a4ec6a1c7bbd459c3582162ae28941c49b956b41a977483af62267
thunderbird-debuginfo-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 68a422a395cc047607f546dc549925ece2681bcf3efb7bd8825403ac0ff126cc
thunderbird-debugsource-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 5488f19d01128ff92b4a23d236b72cb3a4d15f202f5ae8c3f5997f4db64fb5c0

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
x86_64
thunderbird-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 06bf4904c5a4ec6a1c7bbd459c3582162ae28941c49b956b41a977483af62267
thunderbird-debuginfo-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 68a422a395cc047607f546dc549925ece2681bcf3efb7bd8825403ac0ff126cc
thunderbird-debugsource-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 5488f19d01128ff92b4a23d236b72cb3a4d15f202f5ae8c3f5997f4db64fb5c0

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
x86_64
thunderbird-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 06bf4904c5a4ec6a1c7bbd459c3582162ae28941c49b956b41a977483af62267
thunderbird-debuginfo-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 68a422a395cc047607f546dc549925ece2681bcf3efb7bd8825403ac0ff126cc
thunderbird-debugsource-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 5488f19d01128ff92b4a23d236b72cb3a4d15f202f5ae8c3f5997f4db64fb5c0

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
s390x
thunderbird-115.7.0-1.el9_3.s390x.rpm	SHA-256: 913ccfae0f6e69c030661691fdebfcadd6b74b1e29d6524ea8b52f9f12d53e7e
thunderbird-debuginfo-115.7.0-1.el9_3.s390x.rpm	SHA-256: f33d5e46e087e4e337ed9143fe12f0a2f90ef2554aed492bb94bff45acf53f9a
thunderbird-debugsource-115.7.0-1.el9_3.s390x.rpm	SHA-256: e9607b0765ae186d2ddd9baf2308534b6e7475218cee384793b5409b6c6f6ee8

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
s390x
thunderbird-115.7.0-1.el9_3.s390x.rpm	SHA-256: 913ccfae0f6e69c030661691fdebfcadd6b74b1e29d6524ea8b52f9f12d53e7e
thunderbird-debuginfo-115.7.0-1.el9_3.s390x.rpm	SHA-256: f33d5e46e087e4e337ed9143fe12f0a2f90ef2554aed492bb94bff45acf53f9a
thunderbird-debugsource-115.7.0-1.el9_3.s390x.rpm	SHA-256: e9607b0765ae186d2ddd9baf2308534b6e7475218cee384793b5409b6c6f6ee8

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
s390x
thunderbird-115.7.0-1.el9_3.s390x.rpm	SHA-256: 913ccfae0f6e69c030661691fdebfcadd6b74b1e29d6524ea8b52f9f12d53e7e
thunderbird-debuginfo-115.7.0-1.el9_3.s390x.rpm	SHA-256: f33d5e46e087e4e337ed9143fe12f0a2f90ef2554aed492bb94bff45acf53f9a
thunderbird-debugsource-115.7.0-1.el9_3.s390x.rpm	SHA-256: e9607b0765ae186d2ddd9baf2308534b6e7475218cee384793b5409b6c6f6ee8

Red Hat Enterprise Linux for Power, little endian 9

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
ppc64le
thunderbird-115.7.0-1.el9_3.ppc64le.rpm	SHA-256: 0cea603977c8c45bf589e7162af5cc9d433230bf6087e80ef74060aabb4e6010
thunderbird-debuginfo-115.7.0-1.el9_3.ppc64le.rpm	SHA-256: 82fdb89134f8914f10db903ee1c291a139d37ab92dbf357f410593936b535c5e
thunderbird-debugsource-115.7.0-1.el9_3.ppc64le.rpm	SHA-256: a0330315e684c08eac65bb308943bcb755b779e67ae66b33cf7aa6b296259af3

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
ppc64le
thunderbird-115.7.0-1.el9_3.ppc64le.rpm	SHA-256: 0cea603977c8c45bf589e7162af5cc9d433230bf6087e80ef74060aabb4e6010
thunderbird-debuginfo-115.7.0-1.el9_3.ppc64le.rpm	SHA-256: 82fdb89134f8914f10db903ee1c291a139d37ab92dbf357f410593936b535c5e
thunderbird-debugsource-115.7.0-1.el9_3.ppc64le.rpm	SHA-256: a0330315e684c08eac65bb308943bcb755b779e67ae66b33cf7aa6b296259af3

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
ppc64le
thunderbird-115.7.0-1.el9_3.ppc64le.rpm	SHA-256: 0cea603977c8c45bf589e7162af5cc9d433230bf6087e80ef74060aabb4e6010
thunderbird-debuginfo-115.7.0-1.el9_3.ppc64le.rpm	SHA-256: 82fdb89134f8914f10db903ee1c291a139d37ab92dbf357f410593936b535c5e
thunderbird-debugsource-115.7.0-1.el9_3.ppc64le.rpm	SHA-256: a0330315e684c08eac65bb308943bcb755b779e67ae66b33cf7aa6b296259af3

Red Hat Enterprise Linux for ARM 64 9

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
aarch64
thunderbird-115.7.0-1.el9_3.aarch64.rpm	SHA-256: 756cf9e21ecefa6cca17dfd1709b1a92928256a096b8881cf127256a421934e4
thunderbird-debuginfo-115.7.0-1.el9_3.aarch64.rpm	SHA-256: 13d96bdd5a20ac58647c05f30f02db50db3ff02f3eabc4e8cb57da8cb18c394d
thunderbird-debugsource-115.7.0-1.el9_3.aarch64.rpm	SHA-256: 367809f47c8d797518066ec0fd818bdb1dabed35cf2557a9765849ef82346be0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
aarch64
thunderbird-115.7.0-1.el9_3.aarch64.rpm	SHA-256: 756cf9e21ecefa6cca17dfd1709b1a92928256a096b8881cf127256a421934e4
thunderbird-debuginfo-115.7.0-1.el9_3.aarch64.rpm	SHA-256: 13d96bdd5a20ac58647c05f30f02db50db3ff02f3eabc4e8cb57da8cb18c394d
thunderbird-debugsource-115.7.0-1.el9_3.aarch64.rpm	SHA-256: 367809f47c8d797518066ec0fd818bdb1dabed35cf2557a9765849ef82346be0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
aarch64
thunderbird-115.7.0-1.el9_3.aarch64.rpm	SHA-256: 756cf9e21ecefa6cca17dfd1709b1a92928256a096b8881cf127256a421934e4
thunderbird-debuginfo-115.7.0-1.el9_3.aarch64.rpm	SHA-256: 13d96bdd5a20ac58647c05f30f02db50db3ff02f3eabc4e8cb57da8cb18c394d
thunderbird-debugsource-115.7.0-1.el9_3.aarch64.rpm	SHA-256: 367809f47c8d797518066ec0fd818bdb1dabed35cf2557a9765849ef82346be0

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
ppc64le
thunderbird-115.7.0-1.el9_3.ppc64le.rpm	SHA-256: 0cea603977c8c45bf589e7162af5cc9d433230bf6087e80ef74060aabb4e6010
thunderbird-debuginfo-115.7.0-1.el9_3.ppc64le.rpm	SHA-256: 82fdb89134f8914f10db903ee1c291a139d37ab92dbf357f410593936b535c5e
thunderbird-debugsource-115.7.0-1.el9_3.ppc64le.rpm	SHA-256: a0330315e684c08eac65bb308943bcb755b779e67ae66b33cf7aa6b296259af3

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
ppc64le
thunderbird-115.7.0-1.el9_3.ppc64le.rpm	SHA-256: 0cea603977c8c45bf589e7162af5cc9d433230bf6087e80ef74060aabb4e6010
thunderbird-debuginfo-115.7.0-1.el9_3.ppc64le.rpm	SHA-256: 82fdb89134f8914f10db903ee1c291a139d37ab92dbf357f410593936b535c5e
thunderbird-debugsource-115.7.0-1.el9_3.ppc64le.rpm	SHA-256: a0330315e684c08eac65bb308943bcb755b779e67ae66b33cf7aa6b296259af3

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
x86_64
thunderbird-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 06bf4904c5a4ec6a1c7bbd459c3582162ae28941c49b956b41a977483af62267
thunderbird-debuginfo-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 68a422a395cc047607f546dc549925ece2681bcf3efb7bd8825403ac0ff126cc
thunderbird-debugsource-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 5488f19d01128ff92b4a23d236b72cb3a4d15f202f5ae8c3f5997f4db64fb5c0

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
x86_64
thunderbird-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 06bf4904c5a4ec6a1c7bbd459c3582162ae28941c49b956b41a977483af62267
thunderbird-debuginfo-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 68a422a395cc047607f546dc549925ece2681bcf3efb7bd8825403ac0ff126cc
thunderbird-debugsource-115.7.0-1.el9_3.x86_64.rpm	SHA-256: 5488f19d01128ff92b4a23d236b72cb3a4d15f202f5ae8c3f5997f4db64fb5c0

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
aarch64
thunderbird-115.7.0-1.el9_3.aarch64.rpm	SHA-256: 756cf9e21ecefa6cca17dfd1709b1a92928256a096b8881cf127256a421934e4
thunderbird-debuginfo-115.7.0-1.el9_3.aarch64.rpm	SHA-256: 13d96bdd5a20ac58647c05f30f02db50db3ff02f3eabc4e8cb57da8cb18c394d
thunderbird-debugsource-115.7.0-1.el9_3.aarch64.rpm	SHA-256: 367809f47c8d797518066ec0fd818bdb1dabed35cf2557a9765849ef82346be0

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
aarch64
thunderbird-115.7.0-1.el9_3.aarch64.rpm	SHA-256: 756cf9e21ecefa6cca17dfd1709b1a92928256a096b8881cf127256a421934e4
thunderbird-debuginfo-115.7.0-1.el9_3.aarch64.rpm	SHA-256: 13d96bdd5a20ac58647c05f30f02db50db3ff02f3eabc4e8cb57da8cb18c394d
thunderbird-debugsource-115.7.0-1.el9_3.aarch64.rpm	SHA-256: 367809f47c8d797518066ec0fd818bdb1dabed35cf2557a9765849ef82346be0

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
s390x
thunderbird-115.7.0-1.el9_3.s390x.rpm	SHA-256: 913ccfae0f6e69c030661691fdebfcadd6b74b1e29d6524ea8b52f9f12d53e7e
thunderbird-debuginfo-115.7.0-1.el9_3.s390x.rpm	SHA-256: f33d5e46e087e4e337ed9143fe12f0a2f90ef2554aed492bb94bff45acf53f9a
thunderbird-debugsource-115.7.0-1.el9_3.s390x.rpm	SHA-256: e9607b0765ae186d2ddd9baf2308534b6e7475218cee384793b5409b6c6f6ee8

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
thunderbird-115.7.0-1.el9_3.src.rpm	SHA-256: 6585386aadf0e5005a4e25abee21067060333b9b401aa846e897114098377adf
s390x
thunderbird-115.7.0-1.el9_3.s390x.rpm	SHA-256: 913ccfae0f6e69c030661691fdebfcadd6b74b1e29d6524ea8b52f9f12d53e7e
thunderbird-debuginfo-115.7.0-1.el9_3.s390x.rpm	SHA-256: f33d5e46e087e4e337ed9143fe12f0a2f90ef2554aed492bb94bff45acf53f9a
thunderbird-debugsource-115.7.0-1.el9_3.s390x.rpm	SHA-256: e9607b0765ae186d2ddd9baf2308534b6e7475218cee384793b5409b6c6f6ee8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.