Lucene search
AlmaLinuxALSA-2024:2888HistoryMay 16, 2024 - 12:00 a.m.
Important: thunderbird security update
2024-05-1600:00:00
errata.almalinux.org
2
mozilla thunderbird
standalone mail client
newsgroup
security update
version 115.11.0
security fixes
cve-2024-4367
cve-2024-4767
cve-2024-4768
cve-2024-4769
cve-2024-4770
cve-2024-4777
unix
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.11.0.
Security Fix(es):
- firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367)
- firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767)
- firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768)
- firefox: Cross-origin responses could be distinguished between script and
non-script content-types (CVE-2024-4769) - firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770)
- firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and
Thunderbird 115.11 (CVE-2024-4777)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 9 | x86_64 | thunderbird | < 115.11.0-1.el9_4.alma.1 | thunderbird-115.11.0-1.el9_4.alma.1.x86_64.rpm |
| almalinux | 9 | ppc64le | thunderbird | < 115.11.0-1.el9_4.alma.1 | thunderbird-115.11.0-1.el9_4.alma.1.ppc64le.rpm |
| almalinux | 9 | aarch64 | thunderbird | < 115.11.0-1.el9_4.alma.1 | thunderbird-115.11.0-1.el9_4.alma.1.aarch64.rpm |
| almalinux | 9 | s390x | thunderbird | < 115.11.0-1.el9_4.alma.1 | thunderbird-115.11.0-1.el9_4.alma.1.s390x.rpm |
References
access.redhat.com/errata/RHSA-2024:2888
access.redhat.com/security/cve/CVE-2024-4367
access.redhat.com/security/cve/CVE-2024-4767
access.redhat.com/security/cve/CVE-2024-4768
access.redhat.com/security/cve/CVE-2024-4769
access.redhat.com/security/cve/CVE-2024-4770
access.redhat.com/security/cve/CVE-2024-4777
bugzilla.redhat.com/2280382
bugzilla.redhat.com/2280383
bugzilla.redhat.com/2280384
bugzilla.redhat.com/2280385
bugzilla.redhat.com/2280386
bugzilla.redhat.com/2280387
errata.almalinux.org/9/ALSA-2024-2888.html
Related
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 115.11 — Mozilla
2024-05-14 00:00:00
Security Vulnerabilities fixed in Thunderbird 115.11 — Mozilla
2024-05-15 00:00:00
Security Vulnerabilities fixed in Firefox 126 — Mozilla
2024-05-14 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2024-135-01)
2024-05-15 00:00:00
Mozilla Firefox ESR Security Update (mfsa_2024-22) - Mac OS X
2024-05-17 00:00:00
Mozilla Thunderbird Security Update (mfsa_2024-23) - Windows
2024-05-17 00:00:00
redhat
redhat
(RHSA-2024:2886) Important: firefox security update
2024-05-16 11:24:44
(RHSA-2024:2885) Important: firefox security update
2024-05-16 11:24:38
(RHSA-2024:2905) Important: thunderbird security update
2024-05-20 01:02:21
debian
debian
[SECURITY] [DLA 3815-1] firefox-esr security update
2024-05-16 07:16:17
[SECURITY] [DSA 5693-1] thunderbird security update
2024-05-17 17:04:52
[SECURITY] [DSA 5691-1] firefox-esr security update
2024-05-15 17:48:47
osv
osv
thunderbird - security update
2024-05-17 00:00:00
Important: thunderbird security update
2024-05-16 00:00:00
thunderbird vulnerabilities
2024-05-22 05:06:43
nessus
nessus
CentOS 7 : firefox (RHSA-2024:2881)
2024-05-16 00:00:00
RHEL 8 : firefox (RHSA-2024:2886)
2024-05-16 00:00:00
RHEL 8 : firefox (RHSA-2024:2885)
2024-05-16 00:00:00
mageia
mageia
Updated nss & firefox packages fix security vulnerabilities
2024-05-22 02:17:20
Updated thunderbird packages fix security vulnerabilities
2024-05-22 02:38:02
rocky
rocky
thunderbird security update
2024-06-14 14:00:40
kaspersky
kaspersky
KLA67450 Multiple vulnerabilities in Mozilla Thunderbird
2024-05-15 00:00:00
KLA67587 Multiple vulnerabilities in Mozilla Firefox ESR
2024-05-14 00:00:00
KLA67588 Multiple vulnerabilities in Mozilla Firefox
2024-05-14 00:00:00
oraclelinux
oraclelinux
firefox security update
2024-05-16 00:00:00
thunderbird security update
2024-05-20 00:00:00
thunderbird security update
2024-06-11 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2024-06-12 21:36:48
[slackware-security] mozilla-firefox
2024-05-14 19:27:14
almalinux
almalinux
Moderate: thunderbird security update
2024-06-10 00:00:00
Moderate: firefox security update
2024-06-10 00:00:00
Important: firefox security update
2024-05-16 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2024-05-22 00:00:00
Firefox vulnerabilities
2024-05-21 00:00:00
Firefox regressions
2024-05-29 00:00:00
amazon
amazon
Important: thunderbird
2024-06-06 20:17:00
redhatcve
redhatcve
cvelist
cvelist
ubuntucve
ubuntucve
github
github
Arbitrary JavaScript execution due to using outdated libraries
2024-06-05 14:15:50
nvd
nvd
cve
cve
vulnrichment
vulnrichment
veracode
veracode
Remote Code Execution (RCE)
2024-05-08 04:43:35
Permission Issues
2024-05-20 12:36:39
Information Exposure
2024-05-20 12:38:49
githubexploit
githubexploit
Exploit for CVE-2024-4367
2024-05-20 10:02:23
Exploit for CVE-2024-4367
2024-05-20 22:56:10
Exploit for CVE-2024-4367
2024-05-22 18:05:47
debiancve
debiancve
wpvulndb
wpvulndb
PDF.js < 4.2.67 - Arbitrary JavaScript Execution
2024-06-03 00:00:00
alpinelinux
alpinelinux
CVE-2024-4767
2024-05-14 18:15:13
thn
thn
freebsd
freebsd
Gitlab -- Vulnerabilities
2024-05-22 00:00:00
wordfence
wordfence