[RHSA-2024:0957] thunderbird security update

Severity Important

Affected Packages 2

CVEs 8

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.8.0.

Security Fix(es):

Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)
Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)
Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)
Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)
Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)
Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)
Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)
Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-7.9	< 115.8.0-1.el7_9
pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-7.9	< 115.8.0-1.el7_9

ID

RHSA-2024:0957

Severity

important

URL

https://access.redhat.com/errata/RHSA-2024:0957

Published

2024-02-26T00:00:00
(6 months ago)

Modified

2024-02-26T00:00:00
(6 months ago)

Rights

Other Advisories

Source	# ID	URL
Bugzilla	2265349	https://bugzilla.redhat.com/2265349
Bugzilla	2265350	https://bugzilla.redhat.com/2265350
Bugzilla	2265351	https://bugzilla.redhat.com/2265351
Bugzilla	2265352	https://bugzilla.redhat.com/2265352
Bugzilla	2265353	https://bugzilla.redhat.com/2265353
Bugzilla	2265354	https://bugzilla.redhat.com/2265354
Bugzilla	2265355	https://bugzilla.redhat.com/2265355
Bugzilla	2265356	https://bugzilla.redhat.com/2265356
RHSA	RHSA-2024:0957	https://access.redhat.com/errata/RHSA-2024:0957
CVE	CVE-2024-1546	https://access.redhat.com/security/cve/CVE-2024-1546
CVE	CVE-2024-1547	https://access.redhat.com/security/cve/CVE-2024-1547
CVE	CVE-2024-1548	https://access.redhat.com/security/cve/CVE-2024-1548
CVE	CVE-2024-1549	https://access.redhat.com/security/cve/CVE-2024-1549
CVE	CVE-2024-1550	https://access.redhat.com/security/cve/CVE-2024-1550
CVE	CVE-2024-1551	https://access.redhat.com/security/cve/CVE-2024-1551
CVE	CVE-2024-1552	https://access.redhat.com/security/cve/CVE-2024-1552
CVE	CVE-2024-1553	https://access.redhat.com/security/cve/CVE-2024-1553

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-7.9	redhat	thunderbird	< 115.8.0-1.el7_9	redhat-7.9	x86_64
Affected	pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-7.9	redhat	thunderbird	< 115.8.0-1.el7_9	redhat-7.9	ppc64le

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date