[RHSA-2024:4002] thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.12.1.
Security Fix(es):
thunderbird: Use-after-free in networking (CVE-2024-5702)
thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)
thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690)
thunderbird: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)
thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)
thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)
thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Package | Affected Version |
|---|---|
 pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-9.4
|
< 115.12.1-1.el9_4 |
|
pkg:rpm/redhat/thunderbird?arch=s390x&distro=redhat-9.4
|
< 115.12.1-1.el9_4 |
|
pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-9.4
|
< 115.12.1-1.el9_4 |
|
pkg:rpm/redhat/thunderbird?arch=aarch64&distro=redhat-9.4
|
< 115.12.1-1.el9_4 |
- ID
- RHSA-2024:4002
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2024:4002
- Published
-
2024-06-20T00:00:00
(3 months ago) - Modified
-
2024-06-20T00:00:00
(3 months ago) - Rights
- Copyright 2024 Red Hat, Inc.
- Other Advisories
-
-
ALAS2-2024-2583
-
ALSA-2024:3954
-
ALSA-2024:3955
-
ALSA-2024:4002
-
ALSA-2024:4036
-
DSA-5709-1
-
DSA-5711-1
-
ELSA-2024-3951
-
ELSA-2024-3954
-
ELSA-2024-3955
-
ELSA-2024-4002
-
ELSA-2024-4016
-
ELSA-2024-4036
-
FREEBSD:AA1C7AF9-570E-11EF-A43E-B42E991FC52E
-
GLSA-202408-02
-
MFSA-2024-18
-
MFSA-2024-25
-
MFSA-2024-26
-
MFSA-2024-28
-
RHSA-2024:3951
-
RHSA-2024:3954
-
RHSA-2024:3955
-
RHSA-2024:4016
-
RHSA-2024:4036
-
RLSA-2024:3954
-
RLSA-2024:3955
-
RLSA-2024:4002
-
RLSA-2024:4036
-
SSA:2024-163-01
-
SUSE-SU-2024:2012-1
-
SUSE-SU-2024:2061-1
-
SUSE-SU-2024:2073-1
-
SUSE-SU-2024:2371-1
-
SUSE-SU-2024:2399-1
-
USN-6840-1
-
USN-6862-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 2291394 |
|
|
| Bugzilla | 2291395 |
|
|
| Bugzilla | 2291396 |
|
|
| Bugzilla | 2291397 |
|
|
| Bugzilla | 2291399 |
|
|
| Bugzilla | 2291400 |
|
|
| Bugzilla | 2291401 |
|
|
| RHSA | RHSA-2024:4002 |
|
|
| CVE | CVE-2024-5688 |
|
|
| CVE | CVE-2024-5690 |
|
|
| CVE | CVE-2024-5691 |
|
|
| CVE | CVE-2024-5693 |
|
|
| CVE | CVE-2024-5696 |
|
|
| CVE | CVE-2024-5700 |
|
|
| CVE | CVE-2024-5702 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-9.4 | redhat |
thunderbird
|
< 115.12.1-1.el9_4 | redhat-9.4 | x86_64 | |
| Affected | pkg:rpm/redhat/thunderbird?arch=s390x&distro=redhat-9.4 | redhat |
thunderbird
|
< 115.12.1-1.el9_4 | redhat-9.4 | s390x | |
| Affected | pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-9.4 | redhat |
thunderbird
|
< 115.12.1-1.el9_4 | redhat-9.4 | ppc64le | |
| Affected | pkg:rpm/redhat/thunderbird?arch=aarch64&distro=redhat-9.4 | redhat |
thunderbird
|
< 115.12.1-1.el9_4 | redhat-9.4 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |