Red Hat Product Errata RHSA-2024:0616 - Security Advisory
Issued:
2024-01-30
Updated:
2024-01-30

RHSA-2024:0616 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.7.0.

Security Fix(es):

  • Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
  • Mozilla: Failure to update user input timestamp (CVE-2024-0742)
  • Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
  • Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
  • Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
  • Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
  • Mozilla: Privilege escalation through devtools (CVE-2024-0751)
  • Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
  • Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2259926 - CVE-2024-0741 Mozilla: Out of bounds write in ANGLE
  • BZ - 2259927 - CVE-2024-0742 Mozilla: Failure to update user input timestamp
  • BZ - 2259928 - CVE-2024-0746 Mozilla: Crash when listing printers on Linux
  • BZ - 2259929 - CVE-2024-0747 Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set
  • BZ - 2259930 - CVE-2024-0749 Mozilla: Phishing site popup could show local origin in address bar
  • BZ - 2259931 - CVE-2024-0750 Mozilla: Potential permissions request bypass via clickjacking
  • BZ - 2259932 - CVE-2024-0751 Mozilla: Privilege escalation through devtools
  • BZ - 2259933 - CVE-2024-0753 Mozilla: HSTS policy on subdomain could bypass policy of upper domain
  • BZ - 2259934 - CVE-2024-0755 Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
thunderbird-115.7.0-1.el9_0.src.rpm SHA-256: 56d97e802ffb8b1904c146b84f1b86262e7675b2af184bf123f5f7042a8c303d
x86_64
thunderbird-115.7.0-1.el9_0.x86_64.rpm SHA-256: ef01e5bf09de83f8f12042b8e3f9d0972f2da8ddd13743549dd0e0a6fcd8f4c9
thunderbird-debuginfo-115.7.0-1.el9_0.x86_64.rpm SHA-256: 9f513923cdd1be547c138c0a52ea382bb80d5a7988823e2e9dbf23df67d9aec4
thunderbird-debugsource-115.7.0-1.el9_0.x86_64.rpm SHA-256: 12eef9308f87d8e3e61cbbbbb0b76e7de830e38b3cedfa08b46bb0af7351cb4b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM
thunderbird-115.7.0-1.el9_0.src.rpm SHA-256: 56d97e802ffb8b1904c146b84f1b86262e7675b2af184bf123f5f7042a8c303d
s390x
thunderbird-115.7.0-1.el9_0.s390x.rpm SHA-256: 1434d520b5def685797c49201965610368f195a350118f7c4a960cd01a347e49
thunderbird-debuginfo-115.7.0-1.el9_0.s390x.rpm SHA-256: 5131f439725bb1c02be60255edad0355bb71895d7254c1592777a3ca20e251dc
thunderbird-debugsource-115.7.0-1.el9_0.s390x.rpm SHA-256: 19998854cfcceffff07461fc1441b3ab8b4224aabda5b10615ff3875a9baee60

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
thunderbird-115.7.0-1.el9_0.src.rpm SHA-256: 56d97e802ffb8b1904c146b84f1b86262e7675b2af184bf123f5f7042a8c303d
ppc64le
thunderbird-115.7.0-1.el9_0.ppc64le.rpm SHA-256: 48e5af4c05646baa1562c65b08a5e471babc1ac43b5b8654b2cc5d3db4fa4987
thunderbird-debuginfo-115.7.0-1.el9_0.ppc64le.rpm SHA-256: 7ba81be734a1afd0508d16a651f5bfddd08c6a28f5a303f464247f7f21f334b2
thunderbird-debugsource-115.7.0-1.el9_0.ppc64le.rpm SHA-256: b80c7bdc0764545c4367b230e0972c7733cbb32dbb38d79e782c4c5275dc661e

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM
thunderbird-115.7.0-1.el9_0.src.rpm SHA-256: 56d97e802ffb8b1904c146b84f1b86262e7675b2af184bf123f5f7042a8c303d
aarch64
thunderbird-115.7.0-1.el9_0.aarch64.rpm SHA-256: 593fcdcf0ddc5614681f60d56eac375a3544890cd636c2efbe1c4f15c236fa31
thunderbird-debuginfo-115.7.0-1.el9_0.aarch64.rpm SHA-256: 87a7b8c5008ead258a2eb415ba43c3fcfe81b8435dd1e164d72abee7bcce2c00
thunderbird-debugsource-115.7.0-1.el9_0.aarch64.rpm SHA-256: 72fca4c5a576e45ab4578fdc4bf5d8c771b341f4d003c4a1aaf8824faafacb2f

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
thunderbird-115.7.0-1.el9_0.src.rpm SHA-256: 56d97e802ffb8b1904c146b84f1b86262e7675b2af184bf123f5f7042a8c303d
ppc64le
thunderbird-115.7.0-1.el9_0.ppc64le.rpm SHA-256: 48e5af4c05646baa1562c65b08a5e471babc1ac43b5b8654b2cc5d3db4fa4987
thunderbird-debuginfo-115.7.0-1.el9_0.ppc64le.rpm SHA-256: 7ba81be734a1afd0508d16a651f5bfddd08c6a28f5a303f464247f7f21f334b2
thunderbird-debugsource-115.7.0-1.el9_0.ppc64le.rpm SHA-256: b80c7bdc0764545c4367b230e0972c7733cbb32dbb38d79e782c4c5275dc661e

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
thunderbird-115.7.0-1.el9_0.src.rpm SHA-256: 56d97e802ffb8b1904c146b84f1b86262e7675b2af184bf123f5f7042a8c303d
x86_64
thunderbird-115.7.0-1.el9_0.x86_64.rpm SHA-256: ef01e5bf09de83f8f12042b8e3f9d0972f2da8ddd13743549dd0e0a6fcd8f4c9
thunderbird-debuginfo-115.7.0-1.el9_0.x86_64.rpm SHA-256: 9f513923cdd1be547c138c0a52ea382bb80d5a7988823e2e9dbf23df67d9aec4
thunderbird-debugsource-115.7.0-1.el9_0.x86_64.rpm SHA-256: 12eef9308f87d8e3e61cbbbbb0b76e7de830e38b3cedfa08b46bb0af7351cb4b

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
thunderbird-115.7.0-1.el9_0.src.rpm SHA-256: 56d97e802ffb8b1904c146b84f1b86262e7675b2af184bf123f5f7042a8c303d
aarch64
thunderbird-115.7.0-1.el9_0.aarch64.rpm SHA-256: 593fcdcf0ddc5614681f60d56eac375a3544890cd636c2efbe1c4f15c236fa31
thunderbird-debuginfo-115.7.0-1.el9_0.aarch64.rpm SHA-256: 87a7b8c5008ead258a2eb415ba43c3fcfe81b8435dd1e164d72abee7bcce2c00
thunderbird-debugsource-115.7.0-1.el9_0.aarch64.rpm SHA-256: 72fca4c5a576e45ab4578fdc4bf5d8c771b341f4d003c4a1aaf8824faafacb2f

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
thunderbird-115.7.0-1.el9_0.src.rpm SHA-256: 56d97e802ffb8b1904c146b84f1b86262e7675b2af184bf123f5f7042a8c303d
s390x
thunderbird-115.7.0-1.el9_0.s390x.rpm SHA-256: 1434d520b5def685797c49201965610368f195a350118f7c4a960cd01a347e49
thunderbird-debuginfo-115.7.0-1.el9_0.s390x.rpm SHA-256: 5131f439725bb1c02be60255edad0355bb71895d7254c1592777a3ca20e251dc
thunderbird-debugsource-115.7.0-1.el9_0.s390x.rpm SHA-256: 19998854cfcceffff07461fc1441b3ab8b4224aabda5b10615ff3875a9baee60

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.