(RHSA-2024:0964) Important: thunderbird security update

2024-02-2600:56:23

access.redhat.com

thunderbird

security update

out-of-bounds memory

spoofed alert dialog

memory safety bugs

fullscreen notification

custom cursor

permission grants

http responses

arm devices

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

10.3%

JSON

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.8.0.

Security Fix(es):

Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)
Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)
Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)
Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)
Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)
Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)
Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)
Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8ppc64lethunderbird-debuginfo< 115.8.0-1.el8_9thunderbird-debuginfo-115.8.0-1.el8_9.ppc64le.rpm
RedHat8ppc64lethunderbird-debugsource< 115.8.0-1.el8_9thunderbird-debugsource-115.8.0-1.el8_9.ppc64le.rpm
RedHat8s390xthunderbird-debuginfo< 115.8.0-1.el8_9thunderbird-debuginfo-115.8.0-1.el8_9.s390x.rpm
RedHat8aarch64thunderbird-debuginfo< 115.8.0-1.el8_9thunderbird-debuginfo-115.8.0-1.el8_9.aarch64.rpm
RedHat8x86_64thunderbird-debuginfo< 115.8.0-1.el8_9thunderbird-debuginfo-115.8.0-1.el8_9.x86_64.rpm
RedHat8s390xthunderbird-debugsource< 115.8.0-1.el8_9thunderbird-debugsource-115.8.0-1.el8_9.s390x.rpm
RedHat8x86_64thunderbird< 115.8.0-1.el8_9thunderbird-115.8.0-1.el8_9.x86_64.rpm
RedHat8x86_64thunderbird-debugsource< 115.8.0-1.el8_9thunderbird-debugsource-115.8.0-1.el8_9.x86_64.rpm
RedHat8ppc64lethunderbird< 115.8.0-1.el8_9thunderbird-115.8.0-1.el8_9.ppc64le.rpm
RedHat8aarch64thunderbird< 115.8.0-1.el8_9thunderbird-115.8.0-1.el8_9.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	ppc64le	thunderbird-debuginfo	< 115.8.0-1.el8_9	thunderbird-debuginfo-115.8.0-1.el8_9.ppc64le.rpm
RedHat	8	ppc64le	thunderbird-debugsource	< 115.8.0-1.el8_9	thunderbird-debugsource-115.8.0-1.el8_9.ppc64le.rpm
RedHat	8	s390x	thunderbird-debuginfo	< 115.8.0-1.el8_9	thunderbird-debuginfo-115.8.0-1.el8_9.s390x.rpm
RedHat	8	aarch64	thunderbird-debuginfo	< 115.8.0-1.el8_9	thunderbird-debuginfo-115.8.0-1.el8_9.aarch64.rpm
RedHat	8	x86_64	thunderbird-debuginfo	< 115.8.0-1.el8_9	thunderbird-debuginfo-115.8.0-1.el8_9.x86_64.rpm
RedHat	8	s390x	thunderbird-debugsource	< 115.8.0-1.el8_9	thunderbird-debugsource-115.8.0-1.el8_9.s390x.rpm
RedHat	8	x86_64	thunderbird	< 115.8.0-1.el8_9	thunderbird-115.8.0-1.el8_9.x86_64.rpm
RedHat	8	x86_64	thunderbird-debugsource	< 115.8.0-1.el8_9	thunderbird-debugsource-115.8.0-1.el8_9.x86_64.rpm
RedHat	8	ppc64le	thunderbird	< 115.8.0-1.el8_9	thunderbird-115.8.0-1.el8_9.ppc64le.rpm
RedHat	8	aarch64	thunderbird	< 115.8.0-1.el8_9	thunderbird-115.8.0-1.el8_9.aarch64.rpm