[ALAS2-2024-2561] Amazon Linux 2 2017.12 - ALAS2-2024-2561: important priority package update for thunderbird
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2024-4777:
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVE-2024-4770:
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVE-2024-4769:
When importing resources using Web Workers, error messages would distinguish the difference between application/javascript
responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVE-2024-4768:
A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVE-2024-4767:
If the browser.privatebrowsing.autostart
preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVE-2024-4367:
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Affected
Package | Affected Version |
---|---|
pkg:rpm/amazonlinux/thunderbird?arch=x86_64&distro=amazonlinux-2 | < 115.11.0-1.amzn2.0.1 |
pkg:rpm/amazonlinux/thunderbird?arch=aarch64&distro=amazonlinux-2 | < 115.11.0-1.amzn2.0.1 |
pkg:rpm/amazonlinux/thunderbird-debuginfo?arch=x86_64&distro=amazonlinux-2 | < 115.11.0-1.amzn2.0.1 |
pkg:rpm/amazonlinux/thunderbird-debuginfo?arch=aarch64&distro=amazonlinux-2 | < 115.11.0-1.amzn2.0.1 |
- ID
- ALAS2-2024-2561
- Severity
- important
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2024-2561.html
- Published
-
2024-06-06T20:17:00
(7 months ago) - Modified
-
2024-06-06T20:17:00
(7 months ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ALSA-2024:2883
- ALSA-2024:2888
- ALSA-2024:3783
- ALSA-2024:3784
- CESA-2024:2881
- CESA-2024:2913
- DSA-5691-1
- DSA-5693-1
- DSA-5742-1
- ELSA-2024-2881
- ELSA-2024-2883
- ELSA-2024-2888
- ELSA-2024-2913
- ELSA-2024-3783
- ELSA-2024-3784
- FREEBSD:F848EF90-1848-11EF-9850-001B217B3468
- MFSA-2024-21
- MFSA-2024-22
- MFSA-2024-23
- NPM:GHSA-WGRM-67XF-HHPQ
- RHSA-2024:2881
- RHSA-2024:2882
- RHSA-2024:2883
- RHSA-2024:2884
- RHSA-2024:2885
- RHSA-2024:2886
- RHSA-2024:2887
- RHSA-2024:2888
- RHSA-2024:2903
- RHSA-2024:2904
- RHSA-2024:2905
- RHSA-2024:2906
- RHSA-2024:2911
- RHSA-2024:2912
- RHSA-2024:2913
- RHSA-2024:3338
- RHSA-2024:3783
- RHSA-2024:3784
- RLSA-2024:2888
- RLSA-2024:3783
- RLSA-2024:3784
- SSA:2024-135-01
- SSA:2024-164-01
- SUSE-SU-2024:1676-1
- SUSE-SU-2024:1770-1
- SUSE-SU-2024:1858-1
- USN-6779-1
- USN-6782-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2024-4367 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4367 | |
CVE | CVE-2024-4767 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4767 | |
CVE | CVE-2024-4768 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4768 | |
CVE | CVE-2024-4769 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4769 | |
CVE | CVE-2024-4770 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4770 | |
CVE | CVE-2024-4777 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4777 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/thunderbird?arch=x86_64&distro=amazonlinux-2 | amazonlinux | thunderbird | < 115.11.0-1.amzn2.0.1 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/thunderbird?arch=aarch64&distro=amazonlinux-2 | amazonlinux | thunderbird | < 115.11.0-1.amzn2.0.1 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/thunderbird-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | thunderbird-debuginfo | < 115.11.0-1.amzn2.0.1 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/thunderbird-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | thunderbird-debuginfo | < 115.11.0-1.amzn2.0.1 | amazonlinux-2 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |