Red Hat Product Errata RHSA-2024:0962 - Security Advisory
Issued:
2024-02-26
Updated:
2024-02-26

RHSA-2024:0962 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.8.0.

Security Fix(es):

  • Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)
  • Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)
  • Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)
  • Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)
  • Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)
  • Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)
  • Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)
  • Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2265349 - CVE-2024-1546 Mozilla: Out-of-bounds memory read in networking channels
  • BZ - 2265350 - CVE-2024-1547 Mozilla: Alert dialog could have been spoofed on another site
  • BZ - 2265351 - CVE-2024-1548 Mozilla: Fullscreen Notification could have been hidden by select element
  • BZ - 2265352 - CVE-2024-1549 Mozilla: Custom cursor could obscure the permission dialog
  • BZ - 2265353 - CVE-2024-1550 Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
  • BZ - 2265354 - CVE-2024-1551 Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
  • BZ - 2265355 - CVE-2024-1552 Mozilla: Incorrect code generation on 32-bit ARM devices
  • BZ - 2265356 - CVE-2024-1553 Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
thunderbird-115.8.0-1.el9_0.src.rpm SHA-256: d8af597f1973b80a156beb3ce37bc65b662ba8d083e6a4de464c118a744199fc
x86_64
thunderbird-115.8.0-1.el9_0.x86_64.rpm SHA-256: 65b280dca78848fd29b6955b65d9762e0e4a91fea68cfacd499de217ab27235c
thunderbird-debuginfo-115.8.0-1.el9_0.x86_64.rpm SHA-256: 161bbfbd6f80f187687762700cacad9061053977fefc543ff467d561631afd85
thunderbird-debugsource-115.8.0-1.el9_0.x86_64.rpm SHA-256: 8f9ccfe542eeb1e5774d8f5565f1f8e84e51255096c288c2ac710b7e62c5ece8

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM
thunderbird-115.8.0-1.el9_0.src.rpm SHA-256: d8af597f1973b80a156beb3ce37bc65b662ba8d083e6a4de464c118a744199fc
s390x
thunderbird-115.8.0-1.el9_0.s390x.rpm SHA-256: 2b6502c4a503bc8fd460f89f67513f6c63b2849a592e8beac146c1e738adae60
thunderbird-debuginfo-115.8.0-1.el9_0.s390x.rpm SHA-256: 45e446a52ffcb1489a07c8987020c6b5caa5146b34b7e9ade29abc008ab0cf10
thunderbird-debugsource-115.8.0-1.el9_0.s390x.rpm SHA-256: 30d2cb49747ea1ce3e68d0adfbe4cf8be4f7e72bcf2f5af7d35c1ecf02cc615b

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
thunderbird-115.8.0-1.el9_0.src.rpm SHA-256: d8af597f1973b80a156beb3ce37bc65b662ba8d083e6a4de464c118a744199fc
ppc64le
thunderbird-115.8.0-1.el9_0.ppc64le.rpm SHA-256: b50f7aee044ccab58ef644b5fb5935faee51b3b2c38456ff3e6c35bca6df7764
thunderbird-debuginfo-115.8.0-1.el9_0.ppc64le.rpm SHA-256: 2e2c609596fa8ad9c0ad74dc8d157468947decf3e589e782cea7620ff91b5b5e
thunderbird-debugsource-115.8.0-1.el9_0.ppc64le.rpm SHA-256: 332380c7b03476369b3221689168042dbe5a9a45bcb4d363bc10aa20c889afa0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM
thunderbird-115.8.0-1.el9_0.src.rpm SHA-256: d8af597f1973b80a156beb3ce37bc65b662ba8d083e6a4de464c118a744199fc
aarch64
thunderbird-115.8.0-1.el9_0.aarch64.rpm SHA-256: 395c46009ad3b3add289f9caee7615bfe29eacb153b3203626d72068e4076429
thunderbird-debuginfo-115.8.0-1.el9_0.aarch64.rpm SHA-256: 0df91ab939e8f0fefdabe47b0590b72a6b197a6e5e57859a1a9dbe86a062c55a
thunderbird-debugsource-115.8.0-1.el9_0.aarch64.rpm SHA-256: 30e63fa7da2262f0928598cadfe5284766c3e410e029dd00d3a26a309f9200ad

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
thunderbird-115.8.0-1.el9_0.src.rpm SHA-256: d8af597f1973b80a156beb3ce37bc65b662ba8d083e6a4de464c118a744199fc
ppc64le
thunderbird-115.8.0-1.el9_0.ppc64le.rpm SHA-256: b50f7aee044ccab58ef644b5fb5935faee51b3b2c38456ff3e6c35bca6df7764
thunderbird-debuginfo-115.8.0-1.el9_0.ppc64le.rpm SHA-256: 2e2c609596fa8ad9c0ad74dc8d157468947decf3e589e782cea7620ff91b5b5e
thunderbird-debugsource-115.8.0-1.el9_0.ppc64le.rpm SHA-256: 332380c7b03476369b3221689168042dbe5a9a45bcb4d363bc10aa20c889afa0

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
thunderbird-115.8.0-1.el9_0.src.rpm SHA-256: d8af597f1973b80a156beb3ce37bc65b662ba8d083e6a4de464c118a744199fc
x86_64
thunderbird-115.8.0-1.el9_0.x86_64.rpm SHA-256: 65b280dca78848fd29b6955b65d9762e0e4a91fea68cfacd499de217ab27235c
thunderbird-debuginfo-115.8.0-1.el9_0.x86_64.rpm SHA-256: 161bbfbd6f80f187687762700cacad9061053977fefc543ff467d561631afd85
thunderbird-debugsource-115.8.0-1.el9_0.x86_64.rpm SHA-256: 8f9ccfe542eeb1e5774d8f5565f1f8e84e51255096c288c2ac710b7e62c5ece8

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
thunderbird-115.8.0-1.el9_0.src.rpm SHA-256: d8af597f1973b80a156beb3ce37bc65b662ba8d083e6a4de464c118a744199fc
aarch64
thunderbird-115.8.0-1.el9_0.aarch64.rpm SHA-256: 395c46009ad3b3add289f9caee7615bfe29eacb153b3203626d72068e4076429
thunderbird-debuginfo-115.8.0-1.el9_0.aarch64.rpm SHA-256: 0df91ab939e8f0fefdabe47b0590b72a6b197a6e5e57859a1a9dbe86a062c55a
thunderbird-debugsource-115.8.0-1.el9_0.aarch64.rpm SHA-256: 30e63fa7da2262f0928598cadfe5284766c3e410e029dd00d3a26a309f9200ad

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
thunderbird-115.8.0-1.el9_0.src.rpm SHA-256: d8af597f1973b80a156beb3ce37bc65b662ba8d083e6a4de464c118a744199fc
s390x
thunderbird-115.8.0-1.el9_0.s390x.rpm SHA-256: 2b6502c4a503bc8fd460f89f67513f6c63b2849a592e8beac146c1e738adae60
thunderbird-debuginfo-115.8.0-1.el9_0.s390x.rpm SHA-256: 45e446a52ffcb1489a07c8987020c6b5caa5146b34b7e9ade29abc008ab0cf10
thunderbird-debugsource-115.8.0-1.el9_0.s390x.rpm SHA-256: 30d2cb49747ea1ce3e68d0adfbe4cf8be4f7e72bcf2f5af7d35c1ecf02cc615b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.