(RHSA-2024:5396) Important: thunderbird security update

2024-08-1411:38:22

access.redhat.com

thunderbird

security update

cves

mozilla

unix

embargoed

memory access

permission check

webgl

javascript

indexeddb

security prompts

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

JSON

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

EMBARGOED Thunderbird: 115.14/128.1 ()
mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)
mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)
mozilla: Type confusion in WebAssembly (CVE-2024-7520)
mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)
mozilla: Out of bounds read in editor component (CVE-2024-7522)
mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)
mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)
mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)
mozilla: Use-after-free in IndexedDB (CVE-2024-7528)
mozilla: Document content could partially obscure security prompts (CVE-2024-7529)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat9ppc64lethunderbird-debugsource< 115.14.0-1.el9_2thunderbird-debugsource-115.14.0-1.el9_2.ppc64le.rpm
RedHat9x86_64thunderbird-debugsource< 115.14.0-1.el9_2thunderbird-debugsource-115.14.0-1.el9_2.x86_64.rpm
RedHat9aarch64thunderbird< 115.14.0-1.el9_2thunderbird-115.14.0-1.el9_2.aarch64.rpm
RedHat9x86_64thunderbird-debuginfo< 115.14.0-1.el9_2thunderbird-debuginfo-115.14.0-1.el9_2.x86_64.rpm
RedHat9s390xthunderbird< 115.14.0-1.el9_2thunderbird-115.14.0-1.el9_2.s390x.rpm
RedHat9x86_64thunderbird< 115.14.0-1.el9_2thunderbird-115.14.0-1.el9_2.x86_64.rpm
RedHat9aarch64thunderbird-debugsource< 115.14.0-1.el9_2thunderbird-debugsource-115.14.0-1.el9_2.aarch64.rpm
RedHat9ppc64lethunderbird-debuginfo< 115.14.0-1.el9_2thunderbird-debuginfo-115.14.0-1.el9_2.ppc64le.rpm
RedHat9ppc64lethunderbird< 115.14.0-1.el9_2thunderbird-115.14.0-1.el9_2.ppc64le.rpm
RedHat9aarch64thunderbird-debuginfo< 115.14.0-1.el9_2thunderbird-debuginfo-115.14.0-1.el9_2.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	9	ppc64le	thunderbird-debugsource	< 115.14.0-1.el9_2	thunderbird-debugsource-115.14.0-1.el9_2.ppc64le.rpm
RedHat	9	x86_64	thunderbird-debugsource	< 115.14.0-1.el9_2	thunderbird-debugsource-115.14.0-1.el9_2.x86_64.rpm
RedHat	9	aarch64	thunderbird	< 115.14.0-1.el9_2	thunderbird-115.14.0-1.el9_2.aarch64.rpm
RedHat	9	x86_64	thunderbird-debuginfo	< 115.14.0-1.el9_2	thunderbird-debuginfo-115.14.0-1.el9_2.x86_64.rpm
RedHat	9	s390x	thunderbird	< 115.14.0-1.el9_2	thunderbird-115.14.0-1.el9_2.s390x.rpm
RedHat	9	x86_64	thunderbird	< 115.14.0-1.el9_2	thunderbird-115.14.0-1.el9_2.x86_64.rpm
RedHat	9	aarch64	thunderbird-debugsource	< 115.14.0-1.el9_2	thunderbird-debugsource-115.14.0-1.el9_2.aarch64.rpm
RedHat	9	ppc64le	thunderbird-debuginfo	< 115.14.0-1.el9_2	thunderbird-debuginfo-115.14.0-1.el9_2.ppc64le.rpm
RedHat	9	ppc64le	thunderbird	< 115.14.0-1.el9_2	thunderbird-115.14.0-1.el9_2.ppc64le.rpm
RedHat	9	aarch64	thunderbird-debuginfo	< 115.14.0-1.el9_2	thunderbird-debuginfo-115.14.0-1.el9_2.aarch64.rpm