Issued:: 2024-06-10
Updated:: 2024-06-10

RHSA-2024:3784 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: thunderbird security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 8.10.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.11.0.

Security Fix(es):

firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367)
firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767)
firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768)
firefox: Cross-origin responses could be distinguished between script and

non-script content-types (CVE-2024-4769)

firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770)
firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and

Thunderbird 115.11 (CVE-2024-4777)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

BZ - 2280382 - CVE-2024-4367 Mozilla: Arbitrary JavaScript execution in PDF.js
BZ - 2280383 - CVE-2024-4767 Mozilla: IndexedDB files retained in private browsing mode
BZ - 2280384 - CVE-2024-4768 Mozilla: Potential permissions request bypass via clickjacking
BZ - 2280385 - CVE-2024-4769 Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
BZ - 2280386 - CVE-2024-4770 Mozilla: Use-after-free could occur when printing to PDF
BZ - 2280387 - CVE-2024-4777 Mozilla: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
thunderbird-115.11.0-1.el8_10.src.rpm	SHA-256: 194ea1152d2fff48380ac5377315b64ff479ff16007ddd628b0a3d0b7fd3e442
x86_64
thunderbird-115.11.0-1.el8_10.x86_64.rpm	SHA-256: 80051253f42eec30d927d816129504dd7680564b80b01d9b799b077bf3e5b0d3
thunderbird-debuginfo-115.11.0-1.el8_10.x86_64.rpm	SHA-256: 33582397744821c476f2ebda19b7a5e463842e17cc12c5e757ad393d374c2e6c
thunderbird-debugsource-115.11.0-1.el8_10.x86_64.rpm	SHA-256: e5de7a5f43cfa29aa25d8ee3e54530b2ac0f3874906d0fbe7a04a9e38c595757

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
thunderbird-115.11.0-1.el8_10.src.rpm	SHA-256: 194ea1152d2fff48380ac5377315b64ff479ff16007ddd628b0a3d0b7fd3e442
s390x
thunderbird-115.11.0-1.el8_10.s390x.rpm	SHA-256: 6685992513708436e08809c97bb01d3b09380ba61a8775f542046b95df2d9ace
thunderbird-debuginfo-115.11.0-1.el8_10.s390x.rpm	SHA-256: 4eb020cc83f7dfdd0c48abaaef984ea04fa71104b193569b4cafbe675176ac1a
thunderbird-debugsource-115.11.0-1.el8_10.s390x.rpm	SHA-256: 877972f51ad060ee32a3085390f817c627f60deea03a15702ae935effb7dc839

Red Hat Enterprise Linux for Power, little endian 8

SRPM
thunderbird-115.11.0-1.el8_10.src.rpm	SHA-256: 194ea1152d2fff48380ac5377315b64ff479ff16007ddd628b0a3d0b7fd3e442
ppc64le
thunderbird-115.11.0-1.el8_10.ppc64le.rpm	SHA-256: 382e198abafb07af842e9784003d13b8ed49ccbf2846267cd83da55a6f2248fc
thunderbird-debuginfo-115.11.0-1.el8_10.ppc64le.rpm	SHA-256: 3e092224fd54eb4114bfb7be241a108336ecf6f4bbb0996d4e9dac07b5fc30bf
thunderbird-debugsource-115.11.0-1.el8_10.ppc64le.rpm	SHA-256: 9b09f5fa28bac105e895946f9bd0af21532de81f9d326c5a3ab68d302d5c6c2c

Red Hat Enterprise Linux for ARM 64 8

SRPM
thunderbird-115.11.0-1.el8_10.src.rpm	SHA-256: 194ea1152d2fff48380ac5377315b64ff479ff16007ddd628b0a3d0b7fd3e442
aarch64
thunderbird-115.11.0-1.el8_10.aarch64.rpm	SHA-256: dfced6e1bcaa86aaa42a932aa8b747ea44470a11848908e3a0cc2d2550f16db8
thunderbird-debuginfo-115.11.0-1.el8_10.aarch64.rpm	SHA-256: 35b8e7c239ca20e1863c0ea73c3188008ae1c1ba2275a608174c1f49e7d8857b
thunderbird-debugsource-115.11.0-1.el8_10.aarch64.rpm	SHA-256: 774ad55d1fe97f121a18065f866e83b0ffe932dde4398c328f1dcb651ad2b6b0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation