Red Hat Product Errata RHSA-2024:10592 - Security Advisory
Issued:
2024-12-02
Updated:
2024-12-02

RHSA-2024:10592 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

  • thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)
  • firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)
  • firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)
  • firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)
  • firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)
  • firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)
  • firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

Fixes

  • BZ - 2325896 - CVE-2024-11159 thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message
  • BZ - 2328941 - CVE-2024-11694 firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
  • BZ - 2328943 - CVE-2024-11696 firefox: thunderbird: Unhandled Exception in Add-on Signature Verification
  • BZ - 2328946 - CVE-2024-11692 firefox: thunderbird: Select list elements could be shown over another site
  • BZ - 2328947 - CVE-2024-11699 firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5
  • BZ - 2328948 - CVE-2024-11695 firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
  • BZ - 2328950 - CVE-2024-11697 firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

Red Hat Enterprise Linux for x86_64 9

SRPM
thunderbird-128.5.0-1.el9_5.src.rpm SHA-256: 2e64ecd4e57e3c9cf8f26e64f341bfad34655d9a1415ace472645202531862cf
x86_64
thunderbird-128.5.0-1.el9_5.x86_64.rpm SHA-256: 929005fdceb2a6bdbf22190192c9dc22bc16ccaf7891153b944f85bec04a0ca9
thunderbird-debuginfo-128.5.0-1.el9_5.x86_64.rpm SHA-256: 5e0d0104240eb4c9f1290cf7cb62adc0d6cf11d7f4b685cc72d5c0efb98bf804
thunderbird-debugsource-128.5.0-1.el9_5.x86_64.rpm SHA-256: e4375ed60177f8427654b0fa52dc67f26f2391e87eae69059979320fff2c7c33

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
thunderbird-128.5.0-1.el9_5.src.rpm SHA-256: 2e64ecd4e57e3c9cf8f26e64f341bfad34655d9a1415ace472645202531862cf
x86_64
thunderbird-128.5.0-1.el9_5.x86_64.rpm SHA-256: 929005fdceb2a6bdbf22190192c9dc22bc16ccaf7891153b944f85bec04a0ca9
thunderbird-debuginfo-128.5.0-1.el9_5.x86_64.rpm SHA-256: 5e0d0104240eb4c9f1290cf7cb62adc0d6cf11d7f4b685cc72d5c0efb98bf804
thunderbird-debugsource-128.5.0-1.el9_5.x86_64.rpm SHA-256: e4375ed60177f8427654b0fa52dc67f26f2391e87eae69059979320fff2c7c33

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
thunderbird-128.5.0-1.el9_5.src.rpm SHA-256: 2e64ecd4e57e3c9cf8f26e64f341bfad34655d9a1415ace472645202531862cf
x86_64
thunderbird-128.5.0-1.el9_5.x86_64.rpm SHA-256: 929005fdceb2a6bdbf22190192c9dc22bc16ccaf7891153b944f85bec04a0ca9
thunderbird-debuginfo-128.5.0-1.el9_5.x86_64.rpm SHA-256: 5e0d0104240eb4c9f1290cf7cb62adc0d6cf11d7f4b685cc72d5c0efb98bf804
thunderbird-debugsource-128.5.0-1.el9_5.x86_64.rpm SHA-256: e4375ed60177f8427654b0fa52dc67f26f2391e87eae69059979320fff2c7c33

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
thunderbird-128.5.0-1.el9_5.src.rpm SHA-256: 2e64ecd4e57e3c9cf8f26e64f341bfad34655d9a1415ace472645202531862cf
s390x
thunderbird-128.5.0-1.el9_5.s390x.rpm SHA-256: 9e0292a0865b04792a54a264e497bc2f1fdebdfead76c5136306d43520712c97
thunderbird-debuginfo-128.5.0-1.el9_5.s390x.rpm SHA-256: 44dc1a38497702f46eedf3cc96e00cf4408138a411ae212d4b8932c3551357bd
thunderbird-debugsource-128.5.0-1.el9_5.s390x.rpm SHA-256: cfac0bafb5d44d05bd9cc97088289c366cb1c883d35d99c1576c6b1cedc53229

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
thunderbird-128.5.0-1.el9_5.src.rpm SHA-256: 2e64ecd4e57e3c9cf8f26e64f341bfad34655d9a1415ace472645202531862cf
s390x
thunderbird-128.5.0-1.el9_5.s390x.rpm SHA-256: 9e0292a0865b04792a54a264e497bc2f1fdebdfead76c5136306d43520712c97
thunderbird-debuginfo-128.5.0-1.el9_5.s390x.rpm SHA-256: 44dc1a38497702f46eedf3cc96e00cf4408138a411ae212d4b8932c3551357bd
thunderbird-debugsource-128.5.0-1.el9_5.s390x.rpm SHA-256: cfac0bafb5d44d05bd9cc97088289c366cb1c883d35d99c1576c6b1cedc53229

Red Hat Enterprise Linux for Power, little endian 9

SRPM
thunderbird-128.5.0-1.el9_5.src.rpm SHA-256: 2e64ecd4e57e3c9cf8f26e64f341bfad34655d9a1415ace472645202531862cf
ppc64le
thunderbird-128.5.0-1.el9_5.ppc64le.rpm SHA-256: 9f6d8880241bd78410c45dae7e74e14cbad20e3a5ce6a9aa243b31fb89df282c
thunderbird-debuginfo-128.5.0-1.el9_5.ppc64le.rpm SHA-256: 45ffa7edc5f38b8da0ae04c1ed143a170ee05987bde4712474d654c54e1178f9
thunderbird-debugsource-128.5.0-1.el9_5.ppc64le.rpm SHA-256: dfe11817dffe0485131ae679d30ff870de5f77dfaa47a234d44107ccebb53a6f

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
thunderbird-128.5.0-1.el9_5.src.rpm SHA-256: 2e64ecd4e57e3c9cf8f26e64f341bfad34655d9a1415ace472645202531862cf
ppc64le
thunderbird-128.5.0-1.el9_5.ppc64le.rpm SHA-256: 9f6d8880241bd78410c45dae7e74e14cbad20e3a5ce6a9aa243b31fb89df282c
thunderbird-debuginfo-128.5.0-1.el9_5.ppc64le.rpm SHA-256: 45ffa7edc5f38b8da0ae04c1ed143a170ee05987bde4712474d654c54e1178f9
thunderbird-debugsource-128.5.0-1.el9_5.ppc64le.rpm SHA-256: dfe11817dffe0485131ae679d30ff870de5f77dfaa47a234d44107ccebb53a6f

Red Hat Enterprise Linux for ARM 64 9

SRPM
thunderbird-128.5.0-1.el9_5.src.rpm SHA-256: 2e64ecd4e57e3c9cf8f26e64f341bfad34655d9a1415ace472645202531862cf
aarch64
thunderbird-128.5.0-1.el9_5.aarch64.rpm SHA-256: a4b5fd11ef3a032cff12c41c4c94b092acd75f6b7294b4574252d655683a9885
thunderbird-debuginfo-128.5.0-1.el9_5.aarch64.rpm SHA-256: 3b4d9341ebeec87a1622b4cd34d976756485625cc36a194f55576b35ee592f66
thunderbird-debugsource-128.5.0-1.el9_5.aarch64.rpm SHA-256: 5c3882c64178fc7712cdca2656cce809087ac57c0b71348a14e986ba61eabcfc

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
thunderbird-128.5.0-1.el9_5.src.rpm SHA-256: 2e64ecd4e57e3c9cf8f26e64f341bfad34655d9a1415ace472645202531862cf
aarch64
thunderbird-128.5.0-1.el9_5.aarch64.rpm SHA-256: a4b5fd11ef3a032cff12c41c4c94b092acd75f6b7294b4574252d655683a9885
thunderbird-debuginfo-128.5.0-1.el9_5.aarch64.rpm SHA-256: 3b4d9341ebeec87a1622b4cd34d976756485625cc36a194f55576b35ee592f66
thunderbird-debugsource-128.5.0-1.el9_5.aarch64.rpm SHA-256: 5c3882c64178fc7712cdca2656cce809087ac57c0b71348a14e986ba61eabcfc

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
thunderbird-128.5.0-1.el9_5.src.rpm SHA-256: 2e64ecd4e57e3c9cf8f26e64f341bfad34655d9a1415ace472645202531862cf
ppc64le
thunderbird-128.5.0-1.el9_5.ppc64le.rpm SHA-256: 9f6d8880241bd78410c45dae7e74e14cbad20e3a5ce6a9aa243b31fb89df282c
thunderbird-debuginfo-128.5.0-1.el9_5.ppc64le.rpm SHA-256: 45ffa7edc5f38b8da0ae04c1ed143a170ee05987bde4712474d654c54e1178f9
thunderbird-debugsource-128.5.0-1.el9_5.ppc64le.rpm SHA-256: dfe11817dffe0485131ae679d30ff870de5f77dfaa47a234d44107ccebb53a6f

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
thunderbird-128.5.0-1.el9_5.src.rpm SHA-256: 2e64ecd4e57e3c9cf8f26e64f341bfad34655d9a1415ace472645202531862cf
x86_64
thunderbird-128.5.0-1.el9_5.x86_64.rpm SHA-256: 929005fdceb2a6bdbf22190192c9dc22bc16ccaf7891153b944f85bec04a0ca9
thunderbird-debuginfo-128.5.0-1.el9_5.x86_64.rpm SHA-256: 5e0d0104240eb4c9f1290cf7cb62adc0d6cf11d7f4b685cc72d5c0efb98bf804
thunderbird-debugsource-128.5.0-1.el9_5.x86_64.rpm SHA-256: e4375ed60177f8427654b0fa52dc67f26f2391e87eae69059979320fff2c7c33

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
thunderbird-128.5.0-1.el9_5.src.rpm SHA-256: 2e64ecd4e57e3c9cf8f26e64f341bfad34655d9a1415ace472645202531862cf
aarch64
thunderbird-128.5.0-1.el9_5.aarch64.rpm SHA-256: a4b5fd11ef3a032cff12c41c4c94b092acd75f6b7294b4574252d655683a9885
thunderbird-debuginfo-128.5.0-1.el9_5.aarch64.rpm SHA-256: 3b4d9341ebeec87a1622b4cd34d976756485625cc36a194f55576b35ee592f66
thunderbird-debugsource-128.5.0-1.el9_5.aarch64.rpm SHA-256: 5c3882c64178fc7712cdca2656cce809087ac57c0b71348a14e986ba61eabcfc

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
thunderbird-128.5.0-1.el9_5.src.rpm SHA-256: 2e64ecd4e57e3c9cf8f26e64f341bfad34655d9a1415ace472645202531862cf
s390x
thunderbird-128.5.0-1.el9_5.s390x.rpm SHA-256: 9e0292a0865b04792a54a264e497bc2f1fdebdfead76c5136306d43520712c97
thunderbird-debuginfo-128.5.0-1.el9_5.s390x.rpm SHA-256: 44dc1a38497702f46eedf3cc96e00cf4408138a411ae212d4b8932c3551357bd
thunderbird-debugsource-128.5.0-1.el9_5.s390x.rpm SHA-256: cfac0bafb5d44d05bd9cc97088289c366cb1c883d35d99c1576c6b1cedc53229

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.