Red Hat Product Errata RHSA-2024:0961 - Security Advisory
Issued:
2024-02-26
Updated:
2024-02-26

RHSA-2024:0961 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.8.0.

Security Fix(es):

  • Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)
  • Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)
  • Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)
  • Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)
  • Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)
  • Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)
  • Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)
  • Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2265349 - CVE-2024-1546 Mozilla: Out-of-bounds memory read in networking channels
  • BZ - 2265350 - CVE-2024-1547 Mozilla: Alert dialog could have been spoofed on another site
  • BZ - 2265351 - CVE-2024-1548 Mozilla: Fullscreen Notification could have been hidden by select element
  • BZ - 2265352 - CVE-2024-1549 Mozilla: Custom cursor could obscure the permission dialog
  • BZ - 2265353 - CVE-2024-1550 Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
  • BZ - 2265354 - CVE-2024-1551 Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
  • BZ - 2265355 - CVE-2024-1552 Mozilla: Incorrect code generation on 32-bit ARM devices
  • BZ - 2265356 - CVE-2024-1553 Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
thunderbird-115.8.0-1.el8_8.src.rpm SHA-256: 01051170bdf6fe40b35738eb9ab236eb10f9395b3dfdc61dc04c8bd0c3722d99
x86_64
thunderbird-115.8.0-1.el8_8.x86_64.rpm SHA-256: a5c3f47598d974ea8ff61b5d0863eddc1e0473bdbe0830a220273fec2f44904d
thunderbird-debuginfo-115.8.0-1.el8_8.x86_64.rpm SHA-256: 1a0e79b99b891b2e191b674071f909d87786bee5ae07d7e64e85c138b5bf5218
thunderbird-debugsource-115.8.0-1.el8_8.x86_64.rpm SHA-256: 0733174ba1a0effcf019c797b4bef67370d3edcd82a09543c81aaa83f639d516

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
thunderbird-115.8.0-1.el8_8.src.rpm SHA-256: 01051170bdf6fe40b35738eb9ab236eb10f9395b3dfdc61dc04c8bd0c3722d99
x86_64
thunderbird-115.8.0-1.el8_8.x86_64.rpm SHA-256: a5c3f47598d974ea8ff61b5d0863eddc1e0473bdbe0830a220273fec2f44904d
thunderbird-debuginfo-115.8.0-1.el8_8.x86_64.rpm SHA-256: 1a0e79b99b891b2e191b674071f909d87786bee5ae07d7e64e85c138b5bf5218
thunderbird-debugsource-115.8.0-1.el8_8.x86_64.rpm SHA-256: 0733174ba1a0effcf019c797b4bef67370d3edcd82a09543c81aaa83f639d516

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
thunderbird-115.8.0-1.el8_8.src.rpm SHA-256: 01051170bdf6fe40b35738eb9ab236eb10f9395b3dfdc61dc04c8bd0c3722d99
s390x
thunderbird-115.8.0-1.el8_8.s390x.rpm SHA-256: d780a9a6a9b437347e3d8ec4767c0a9201f7722f69fd70efce213a3d4aa741ae
thunderbird-debuginfo-115.8.0-1.el8_8.s390x.rpm SHA-256: 835fa28e16dd726713ad67b10edb2bdf6a92195d66a773f370ec0c1ab72b8c49
thunderbird-debugsource-115.8.0-1.el8_8.s390x.rpm SHA-256: 8c6fc88c3d908f7d31331e1d0f9dbbbfb7b22a09ef27f96f3c02abf0843c4872

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
thunderbird-115.8.0-1.el8_8.src.rpm SHA-256: 01051170bdf6fe40b35738eb9ab236eb10f9395b3dfdc61dc04c8bd0c3722d99
ppc64le
thunderbird-115.8.0-1.el8_8.ppc64le.rpm SHA-256: 1792daa26a0b6ca882de05b824e8107e90392b2d60ffe03bda92747304d7bc9c
thunderbird-debuginfo-115.8.0-1.el8_8.ppc64le.rpm SHA-256: a6f2f0f78d573c6c32e9c81abfd9c90b5ddacde66cb6dda7e191fed75c528aac
thunderbird-debugsource-115.8.0-1.el8_8.ppc64le.rpm SHA-256: 21d0d94e690509b62714b93a55343ea32a2bc2e0984def5d28cf75a0e8c7cbbf

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
thunderbird-115.8.0-1.el8_8.src.rpm SHA-256: 01051170bdf6fe40b35738eb9ab236eb10f9395b3dfdc61dc04c8bd0c3722d99
x86_64
thunderbird-115.8.0-1.el8_8.x86_64.rpm SHA-256: a5c3f47598d974ea8ff61b5d0863eddc1e0473bdbe0830a220273fec2f44904d
thunderbird-debuginfo-115.8.0-1.el8_8.x86_64.rpm SHA-256: 1a0e79b99b891b2e191b674071f909d87786bee5ae07d7e64e85c138b5bf5218
thunderbird-debugsource-115.8.0-1.el8_8.x86_64.rpm SHA-256: 0733174ba1a0effcf019c797b4bef67370d3edcd82a09543c81aaa83f639d516

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
thunderbird-115.8.0-1.el8_8.src.rpm SHA-256: 01051170bdf6fe40b35738eb9ab236eb10f9395b3dfdc61dc04c8bd0c3722d99
aarch64
thunderbird-115.8.0-1.el8_8.aarch64.rpm SHA-256: 1a56aae530f40f56f330a17540f6c0f3b4e524a84a54abacb067aaa2204e2c38
thunderbird-debuginfo-115.8.0-1.el8_8.aarch64.rpm SHA-256: 706e59f3facba309fd5536f01430bac73daa57e5a66241693d8f1b90b423fe37
thunderbird-debugsource-115.8.0-1.el8_8.aarch64.rpm SHA-256: c57d1e5f35e974998e1627cf76ff8ca362606a5dcfdf755a08a02e43bf8b3d0e

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
thunderbird-115.8.0-1.el8_8.src.rpm SHA-256: 01051170bdf6fe40b35738eb9ab236eb10f9395b3dfdc61dc04c8bd0c3722d99
ppc64le
thunderbird-115.8.0-1.el8_8.ppc64le.rpm SHA-256: 1792daa26a0b6ca882de05b824e8107e90392b2d60ffe03bda92747304d7bc9c
thunderbird-debuginfo-115.8.0-1.el8_8.ppc64le.rpm SHA-256: a6f2f0f78d573c6c32e9c81abfd9c90b5ddacde66cb6dda7e191fed75c528aac
thunderbird-debugsource-115.8.0-1.el8_8.ppc64le.rpm SHA-256: 21d0d94e690509b62714b93a55343ea32a2bc2e0984def5d28cf75a0e8c7cbbf

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
thunderbird-115.8.0-1.el8_8.src.rpm SHA-256: 01051170bdf6fe40b35738eb9ab236eb10f9395b3dfdc61dc04c8bd0c3722d99
x86_64
thunderbird-115.8.0-1.el8_8.x86_64.rpm SHA-256: a5c3f47598d974ea8ff61b5d0863eddc1e0473bdbe0830a220273fec2f44904d
thunderbird-debuginfo-115.8.0-1.el8_8.x86_64.rpm SHA-256: 1a0e79b99b891b2e191b674071f909d87786bee5ae07d7e64e85c138b5bf5218
thunderbird-debugsource-115.8.0-1.el8_8.x86_64.rpm SHA-256: 0733174ba1a0effcf019c797b4bef67370d3edcd82a09543c81aaa83f639d516

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.