Red Hat Product Errata RHSA-2024:0623 - Security Advisory
Issued:
2024-01-30
Updated:
2024-01-30

RHSA-2024:0623 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.7.0.

Security Fix(es):

  • Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
  • Mozilla: Failure to update user input timestamp (CVE-2024-0742)
  • Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
  • Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
  • Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
  • Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
  • Mozilla: Privilege escalation through devtools (CVE-2024-0751)
  • Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
  • Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2259926 - CVE-2024-0741 Mozilla: Out of bounds write in ANGLE
  • BZ - 2259927 - CVE-2024-0742 Mozilla: Failure to update user input timestamp
  • BZ - 2259928 - CVE-2024-0746 Mozilla: Crash when listing printers on Linux
  • BZ - 2259929 - CVE-2024-0747 Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set
  • BZ - 2259930 - CVE-2024-0749 Mozilla: Phishing site popup could show local origin in address bar
  • BZ - 2259931 - CVE-2024-0750 Mozilla: Potential permissions request bypass via clickjacking
  • BZ - 2259932 - CVE-2024-0751 Mozilla: Privilege escalation through devtools
  • BZ - 2259933 - CVE-2024-0753 Mozilla: HSTS policy on subdomain could bypass policy of upper domain
  • BZ - 2259934 - CVE-2024-0755 Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM
thunderbird-115.7.0-1.el8_6.src.rpm SHA-256: ba92a6196105b876b62f4c9097c74be5d255dead5fad0977adb630c9c45f8061
x86_64
thunderbird-115.7.0-1.el8_6.x86_64.rpm SHA-256: b1a68d4bf06138459eaa85bc2558dad75200a67037a0b0043a24a4a4ad4aa92a
thunderbird-debuginfo-115.7.0-1.el8_6.x86_64.rpm SHA-256: 04c4a2c195c73c455d14fbbce9e8a439653cf0a0092398ed3bb360a54c52e19e
thunderbird-debugsource-115.7.0-1.el8_6.x86_64.rpm SHA-256: 04b23eb77dc9bdc06e35669d415a5da4ac3f6e5877adcf0f5c20ffb1ff244859

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
thunderbird-115.7.0-1.el8_6.src.rpm SHA-256: ba92a6196105b876b62f4c9097c74be5d255dead5fad0977adb630c9c45f8061
x86_64
thunderbird-115.7.0-1.el8_6.x86_64.rpm SHA-256: b1a68d4bf06138459eaa85bc2558dad75200a67037a0b0043a24a4a4ad4aa92a
thunderbird-debuginfo-115.7.0-1.el8_6.x86_64.rpm SHA-256: 04c4a2c195c73c455d14fbbce9e8a439653cf0a0092398ed3bb360a54c52e19e
thunderbird-debugsource-115.7.0-1.el8_6.x86_64.rpm SHA-256: 04b23eb77dc9bdc06e35669d415a5da4ac3f6e5877adcf0f5c20ffb1ff244859

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM
thunderbird-115.7.0-1.el8_6.src.rpm SHA-256: ba92a6196105b876b62f4c9097c74be5d255dead5fad0977adb630c9c45f8061
s390x
thunderbird-115.7.0-1.el8_6.s390x.rpm SHA-256: 4c56ae2c23708d4eae9e5acf2548a112396492b05678e2e75448d2751b9b768c
thunderbird-debuginfo-115.7.0-1.el8_6.s390x.rpm SHA-256: 272a47d2c6ce115b3f9d9e4e5e8148877c8987765e8979eb8b168bdfd61f6ef6
thunderbird-debugsource-115.7.0-1.el8_6.s390x.rpm SHA-256: e7a40e50390a874c869ef8774e5f6c7b2fa1f9867ca4ce86f4fe7557dfe5a3b3

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM
thunderbird-115.7.0-1.el8_6.src.rpm SHA-256: ba92a6196105b876b62f4c9097c74be5d255dead5fad0977adb630c9c45f8061
ppc64le
thunderbird-115.7.0-1.el8_6.ppc64le.rpm SHA-256: 2021c32c963d44108fa14670390468fcdebbf2cf5d82364e7026c14efbcc2041
thunderbird-debuginfo-115.7.0-1.el8_6.ppc64le.rpm SHA-256: 31c51d2345ac213d2970346d657b5e0c0c6dbbb47832e5f81c01e9da0bf0075f
thunderbird-debugsource-115.7.0-1.el8_6.ppc64le.rpm SHA-256: bd03ee79e9d5a30a180543dd0b214b5fdd380a734fcc6bda15485ff8507a5f94

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
thunderbird-115.7.0-1.el8_6.src.rpm SHA-256: ba92a6196105b876b62f4c9097c74be5d255dead5fad0977adb630c9c45f8061
x86_64
thunderbird-115.7.0-1.el8_6.x86_64.rpm SHA-256: b1a68d4bf06138459eaa85bc2558dad75200a67037a0b0043a24a4a4ad4aa92a
thunderbird-debuginfo-115.7.0-1.el8_6.x86_64.rpm SHA-256: 04c4a2c195c73c455d14fbbce9e8a439653cf0a0092398ed3bb360a54c52e19e
thunderbird-debugsource-115.7.0-1.el8_6.x86_64.rpm SHA-256: 04b23eb77dc9bdc06e35669d415a5da4ac3f6e5877adcf0f5c20ffb1ff244859

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM
thunderbird-115.7.0-1.el8_6.src.rpm SHA-256: ba92a6196105b876b62f4c9097c74be5d255dead5fad0977adb630c9c45f8061
aarch64
thunderbird-115.7.0-1.el8_6.aarch64.rpm SHA-256: 7d0b11e77132cbd69a2a4c883405bcccb27b3e3b8f8750816c81f556eb2223b9
thunderbird-debuginfo-115.7.0-1.el8_6.aarch64.rpm SHA-256: 25c2dee6079cd862ea34925857cbceb000e7d2b3b8267ba6987876af769b35b2
thunderbird-debugsource-115.7.0-1.el8_6.aarch64.rpm SHA-256: 88abcde9fe83ecddd1291ca189f8a425288e810c1888d0adb05b10d44ea154c8

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
thunderbird-115.7.0-1.el8_6.src.rpm SHA-256: ba92a6196105b876b62f4c9097c74be5d255dead5fad0977adb630c9c45f8061
ppc64le
thunderbird-115.7.0-1.el8_6.ppc64le.rpm SHA-256: 2021c32c963d44108fa14670390468fcdebbf2cf5d82364e7026c14efbcc2041
thunderbird-debuginfo-115.7.0-1.el8_6.ppc64le.rpm SHA-256: 31c51d2345ac213d2970346d657b5e0c0c6dbbb47832e5f81c01e9da0bf0075f
thunderbird-debugsource-115.7.0-1.el8_6.ppc64le.rpm SHA-256: bd03ee79e9d5a30a180543dd0b214b5fdd380a734fcc6bda15485ff8507a5f94

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
thunderbird-115.7.0-1.el8_6.src.rpm SHA-256: ba92a6196105b876b62f4c9097c74be5d255dead5fad0977adb630c9c45f8061
x86_64
thunderbird-115.7.0-1.el8_6.x86_64.rpm SHA-256: b1a68d4bf06138459eaa85bc2558dad75200a67037a0b0043a24a4a4ad4aa92a
thunderbird-debuginfo-115.7.0-1.el8_6.x86_64.rpm SHA-256: 04c4a2c195c73c455d14fbbce9e8a439653cf0a0092398ed3bb360a54c52e19e
thunderbird-debugsource-115.7.0-1.el8_6.x86_64.rpm SHA-256: 04b23eb77dc9bdc06e35669d415a5da4ac3f6e5877adcf0f5c20ffb1ff244859

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.