Red Hat Product Errata RHSA-2024:5396 - Security Advisory
Issued:
2024-08-14
Updated:
2024-08-14

RHSA-2024:5396 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

  • EMBARGOED Thunderbird: 115.14/128.1 ()
  • mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)
  • mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)
  • mozilla: Type confusion in WebAssembly (CVE-2024-7520)
  • mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)
  • mozilla: Out of bounds read in editor component (CVE-2024-7522)
  • mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)
  • mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)
  • mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)
  • mozilla: Use-after-free in IndexedDB (CVE-2024-7528)
  • mozilla: Document content could partially obscure security prompts (CVE-2024-7529)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

(none)

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2

SRPM
thunderbird-115.14.0-1.el9_2.src.rpm SHA-256: 38f5f67a76b9fc29bb8c888f97e9ca0f1cd52484b12b29570955fa9364fa6d0f
x86_64
thunderbird-115.14.0-1.el9_2.x86_64.rpm SHA-256: 47ed985ce0d50e01c79db5ce467f3a0f5aafd86ed965040cdc750b1ceb4cc530
thunderbird-debuginfo-115.14.0-1.el9_2.x86_64.rpm SHA-256: 91806956096d7bfa38aad38ef8fbb9a60bd40c4c6180fcabdc4f8a3f92cd2db6
thunderbird-debugsource-115.14.0-1.el9_2.x86_64.rpm SHA-256: 5801cafb31301957f7138b3fe79388782aaa6d364cd43d999eaf4dce6eac749c

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
thunderbird-115.14.0-1.el9_2.src.rpm SHA-256: 38f5f67a76b9fc29bb8c888f97e9ca0f1cd52484b12b29570955fa9364fa6d0f
x86_64
thunderbird-115.14.0-1.el9_2.x86_64.rpm SHA-256: 47ed985ce0d50e01c79db5ce467f3a0f5aafd86ed965040cdc750b1ceb4cc530
thunderbird-debuginfo-115.14.0-1.el9_2.x86_64.rpm SHA-256: 91806956096d7bfa38aad38ef8fbb9a60bd40c4c6180fcabdc4f8a3f92cd2db6
thunderbird-debugsource-115.14.0-1.el9_2.x86_64.rpm SHA-256: 5801cafb31301957f7138b3fe79388782aaa6d364cd43d999eaf4dce6eac749c

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2

SRPM
thunderbird-115.14.0-1.el9_2.src.rpm SHA-256: 38f5f67a76b9fc29bb8c888f97e9ca0f1cd52484b12b29570955fa9364fa6d0f
s390x
thunderbird-115.14.0-1.el9_2.s390x.rpm SHA-256: d82cef2672044c97e79106a01ae15d46b8648abc7f1ec1ef9558f065ef709380
thunderbird-debuginfo-115.14.0-1.el9_2.s390x.rpm SHA-256: 582fe41fc46181b98afc674eba3c507a4fbc65a204daaa0c13b273646ce5f81c
thunderbird-debugsource-115.14.0-1.el9_2.s390x.rpm SHA-256: 436b4a524d7c222037722d1591791126d764599750c4695fccbdf18a93086f35

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2

SRPM
thunderbird-115.14.0-1.el9_2.src.rpm SHA-256: 38f5f67a76b9fc29bb8c888f97e9ca0f1cd52484b12b29570955fa9364fa6d0f
ppc64le
thunderbird-115.14.0-1.el9_2.ppc64le.rpm SHA-256: 342ea88837e5c1686cba23d51a178b2c7443c9792d51b94413dcd0e4344ac020
thunderbird-debuginfo-115.14.0-1.el9_2.ppc64le.rpm SHA-256: eba5f4cd0c2a76a1567f78062f6c3470920c66260731f67ee3b617becdf31c6d
thunderbird-debugsource-115.14.0-1.el9_2.ppc64le.rpm SHA-256: d50146680580765cf2197f07b947db1b100cef66e47e5f0fcebc70d3f828aaf5

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2

SRPM
thunderbird-115.14.0-1.el9_2.src.rpm SHA-256: 38f5f67a76b9fc29bb8c888f97e9ca0f1cd52484b12b29570955fa9364fa6d0f
aarch64
thunderbird-115.14.0-1.el9_2.aarch64.rpm SHA-256: 3ab9be2731217cda79f131ab7225bcebef38fd123f2ababde496158e61e43c3e
thunderbird-debuginfo-115.14.0-1.el9_2.aarch64.rpm SHA-256: 3adaa349db42d7cea646286d50b93eecbb0fcd34a22a37ddeb28a3d1c3eaf0e5
thunderbird-debugsource-115.14.0-1.el9_2.aarch64.rpm SHA-256: 98d18751ebde1d76649777cc3e889f56afe7a4cc86e7dc4713ce8ed33b0ec515

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
thunderbird-115.14.0-1.el9_2.src.rpm SHA-256: 38f5f67a76b9fc29bb8c888f97e9ca0f1cd52484b12b29570955fa9364fa6d0f
ppc64le
thunderbird-115.14.0-1.el9_2.ppc64le.rpm SHA-256: 342ea88837e5c1686cba23d51a178b2c7443c9792d51b94413dcd0e4344ac020
thunderbird-debuginfo-115.14.0-1.el9_2.ppc64le.rpm SHA-256: eba5f4cd0c2a76a1567f78062f6c3470920c66260731f67ee3b617becdf31c6d
thunderbird-debugsource-115.14.0-1.el9_2.ppc64le.rpm SHA-256: d50146680580765cf2197f07b947db1b100cef66e47e5f0fcebc70d3f828aaf5

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
thunderbird-115.14.0-1.el9_2.src.rpm SHA-256: 38f5f67a76b9fc29bb8c888f97e9ca0f1cd52484b12b29570955fa9364fa6d0f
x86_64
thunderbird-115.14.0-1.el9_2.x86_64.rpm SHA-256: 47ed985ce0d50e01c79db5ce467f3a0f5aafd86ed965040cdc750b1ceb4cc530
thunderbird-debuginfo-115.14.0-1.el9_2.x86_64.rpm SHA-256: 91806956096d7bfa38aad38ef8fbb9a60bd40c4c6180fcabdc4f8a3f92cd2db6
thunderbird-debugsource-115.14.0-1.el9_2.x86_64.rpm SHA-256: 5801cafb31301957f7138b3fe79388782aaa6d364cd43d999eaf4dce6eac749c

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
thunderbird-115.14.0-1.el9_2.src.rpm SHA-256: 38f5f67a76b9fc29bb8c888f97e9ca0f1cd52484b12b29570955fa9364fa6d0f
aarch64
thunderbird-115.14.0-1.el9_2.aarch64.rpm SHA-256: 3ab9be2731217cda79f131ab7225bcebef38fd123f2ababde496158e61e43c3e
thunderbird-debuginfo-115.14.0-1.el9_2.aarch64.rpm SHA-256: 3adaa349db42d7cea646286d50b93eecbb0fcd34a22a37ddeb28a3d1c3eaf0e5
thunderbird-debugsource-115.14.0-1.el9_2.aarch64.rpm SHA-256: 98d18751ebde1d76649777cc3e889f56afe7a4cc86e7dc4713ce8ed33b0ec515

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
thunderbird-115.14.0-1.el9_2.src.rpm SHA-256: 38f5f67a76b9fc29bb8c888f97e9ca0f1cd52484b12b29570955fa9364fa6d0f
s390x
thunderbird-115.14.0-1.el9_2.s390x.rpm SHA-256: d82cef2672044c97e79106a01ae15d46b8648abc7f1ec1ef9558f065ef709380
thunderbird-debuginfo-115.14.0-1.el9_2.s390x.rpm SHA-256: 582fe41fc46181b98afc674eba3c507a4fbc65a204daaa0c13b273646ce5f81c
thunderbird-debugsource-115.14.0-1.el9_2.s390x.rpm SHA-256: 436b4a524d7c222037722d1591791126d764599750c4695fccbdf18a93086f35

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.