Red Hat Product Errata RHSA-2024:10710 - Security Advisory
Issued:
2024-12-02
Updated:
2024-12-02

RHSA-2024:10710 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

  • thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)
  • firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)
  • firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)
  • firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)
  • firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)
  • firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)
  • firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2325896 - CVE-2024-11159 thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message
  • BZ - 2328941 - CVE-2024-11694 firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
  • BZ - 2328943 - CVE-2024-11696 firefox: thunderbird: Unhandled Exception in Add-on Signature Verification
  • BZ - 2328946 - CVE-2024-11692 firefox: thunderbird: Select list elements could be shown over another site
  • BZ - 2328947 - CVE-2024-11699 firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5
  • BZ - 2328948 - CVE-2024-11695 firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
  • BZ - 2328950 - CVE-2024-11697 firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
thunderbird-128.5.0-1.el8_8.src.rpm SHA-256: 0f6ed29e69b5270e9fc46dbb720ec26e1aa6e7905141f0e51ca8077a3fa3c946
x86_64
thunderbird-128.5.0-1.el8_8.x86_64.rpm SHA-256: 362ff5549e2d8ffe43fecc60d068ede2ed37cdb1cd5e61b6242de726cd5fc00f
thunderbird-debuginfo-128.5.0-1.el8_8.x86_64.rpm SHA-256: 4a8957570b4f79229cbf2f4428864b2838a0a8811fdac3d51df6464ffa3b1822
thunderbird-debugsource-128.5.0-1.el8_8.x86_64.rpm SHA-256: ec6a00d7b30ed44becd3a10a5f32880b6de280217cff79156f73f3677fc2315a

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
thunderbird-128.5.0-1.el8_8.src.rpm SHA-256: 0f6ed29e69b5270e9fc46dbb720ec26e1aa6e7905141f0e51ca8077a3fa3c946
x86_64
thunderbird-128.5.0-1.el8_8.x86_64.rpm SHA-256: 362ff5549e2d8ffe43fecc60d068ede2ed37cdb1cd5e61b6242de726cd5fc00f
thunderbird-debuginfo-128.5.0-1.el8_8.x86_64.rpm SHA-256: 4a8957570b4f79229cbf2f4428864b2838a0a8811fdac3d51df6464ffa3b1822
thunderbird-debugsource-128.5.0-1.el8_8.x86_64.rpm SHA-256: ec6a00d7b30ed44becd3a10a5f32880b6de280217cff79156f73f3677fc2315a

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
thunderbird-128.5.0-1.el8_8.src.rpm SHA-256: 0f6ed29e69b5270e9fc46dbb720ec26e1aa6e7905141f0e51ca8077a3fa3c946
s390x
thunderbird-128.5.0-1.el8_8.s390x.rpm SHA-256: fd7368f4c0e362ea62f0fb736850f0ae823f2203eb4bb5577676cae1f59f59c0
thunderbird-debuginfo-128.5.0-1.el8_8.s390x.rpm SHA-256: 28c56726e8e542624b1295b01ac3035f2ca8aea20701ebb51e1ed05ff50739b7
thunderbird-debugsource-128.5.0-1.el8_8.s390x.rpm SHA-256: 7677770de086d958c8330d54776388ac3070e93659b0efb6ee8d383813b40229

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
thunderbird-128.5.0-1.el8_8.src.rpm SHA-256: 0f6ed29e69b5270e9fc46dbb720ec26e1aa6e7905141f0e51ca8077a3fa3c946
ppc64le
thunderbird-128.5.0-1.el8_8.ppc64le.rpm SHA-256: fae6e73e3ff5f71aae1da10f026a4195f229b6732baeb49ddc1f8975f8aae2e3
thunderbird-debuginfo-128.5.0-1.el8_8.ppc64le.rpm SHA-256: 837a813059fdcd5c8bdb8e6bee67829338ccd0acb7cb5f02e2be12a628d28cf8
thunderbird-debugsource-128.5.0-1.el8_8.ppc64le.rpm SHA-256: 2420d22bfabb12bd7010e498a878177ff4b227348064f0b6a8207fc070bcfbd5

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
thunderbird-128.5.0-1.el8_8.src.rpm SHA-256: 0f6ed29e69b5270e9fc46dbb720ec26e1aa6e7905141f0e51ca8077a3fa3c946
x86_64
thunderbird-128.5.0-1.el8_8.x86_64.rpm SHA-256: 362ff5549e2d8ffe43fecc60d068ede2ed37cdb1cd5e61b6242de726cd5fc00f
thunderbird-debuginfo-128.5.0-1.el8_8.x86_64.rpm SHA-256: 4a8957570b4f79229cbf2f4428864b2838a0a8811fdac3d51df6464ffa3b1822
thunderbird-debugsource-128.5.0-1.el8_8.x86_64.rpm SHA-256: ec6a00d7b30ed44becd3a10a5f32880b6de280217cff79156f73f3677fc2315a

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
thunderbird-128.5.0-1.el8_8.src.rpm SHA-256: 0f6ed29e69b5270e9fc46dbb720ec26e1aa6e7905141f0e51ca8077a3fa3c946
aarch64
thunderbird-128.5.0-1.el8_8.aarch64.rpm SHA-256: 0f8eb744ee945797bc46bc0c87cc15fb02d42a5395fda16d33218b0e2f162883
thunderbird-debuginfo-128.5.0-1.el8_8.aarch64.rpm SHA-256: 2c091ca8e45199970836e2b5eefb8d64e873d39f45a1079915078f4ca8b4789e
thunderbird-debugsource-128.5.0-1.el8_8.aarch64.rpm SHA-256: 255b37e45f340776fd2e42a1dafc338d5578fe4c0ca8427db6d3e00be34cf708

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
thunderbird-128.5.0-1.el8_8.src.rpm SHA-256: 0f6ed29e69b5270e9fc46dbb720ec26e1aa6e7905141f0e51ca8077a3fa3c946
ppc64le
thunderbird-128.5.0-1.el8_8.ppc64le.rpm SHA-256: fae6e73e3ff5f71aae1da10f026a4195f229b6732baeb49ddc1f8975f8aae2e3
thunderbird-debuginfo-128.5.0-1.el8_8.ppc64le.rpm SHA-256: 837a813059fdcd5c8bdb8e6bee67829338ccd0acb7cb5f02e2be12a628d28cf8
thunderbird-debugsource-128.5.0-1.el8_8.ppc64le.rpm SHA-256: 2420d22bfabb12bd7010e498a878177ff4b227348064f0b6a8207fc070bcfbd5

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
thunderbird-128.5.0-1.el8_8.src.rpm SHA-256: 0f6ed29e69b5270e9fc46dbb720ec26e1aa6e7905141f0e51ca8077a3fa3c946
x86_64
thunderbird-128.5.0-1.el8_8.x86_64.rpm SHA-256: 362ff5549e2d8ffe43fecc60d068ede2ed37cdb1cd5e61b6242de726cd5fc00f
thunderbird-debuginfo-128.5.0-1.el8_8.x86_64.rpm SHA-256: 4a8957570b4f79229cbf2f4428864b2838a0a8811fdac3d51df6464ffa3b1822
thunderbird-debugsource-128.5.0-1.el8_8.x86_64.rpm SHA-256: ec6a00d7b30ed44becd3a10a5f32880b6de280217cff79156f73f3677fc2315a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.