(RHSA-2024:5528) Important: thunderbird security update

2024-08-1900:59:43

access.redhat.com

thunderbird

security update

fix

cve-2024-7518

cve-2024-7519

cve-2024-7520

cve-2024-7521

cve-2024-7522

cve-2024-7525

cve-2024-7526

cve-2024-7527

cve-2024-7528

cve-2024-7529

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

36.5%

JSON

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

Thunderbird: 115.14/128.1 ()
mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)
mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)
mozilla: Type confusion in WebAssembly (CVE-2024-7520)
mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)
mozilla: Out of bounds read in editor component (CVE-2024-7522)
mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)
mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)
mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)
mozilla: Use-after-free in IndexedDB (CVE-2024-7528)
mozilla: Document content could partially obscure security prompts (CVE-2024-7529)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8s390xthunderbird-debuginfo< 115.14.0-1.el8_6thunderbird-debuginfo-115.14.0-1.el8_6.s390x.rpm
RedHat8ppc64lethunderbird< 115.14.0-1.el8_6thunderbird-115.14.0-1.el8_6.ppc64le.rpm
RedHat8aarch64thunderbird-debugsource< 115.14.0-1.el8_6thunderbird-debugsource-115.14.0-1.el8_6.aarch64.rpm
RedHat8ppc64lethunderbird-debuginfo< 115.14.0-1.el8_6thunderbird-debuginfo-115.14.0-1.el8_6.ppc64le.rpm
RedHat8aarch64thunderbird< 115.14.0-1.el8_6thunderbird-115.14.0-1.el8_6.aarch64.rpm
RedHat8aarch64thunderbird-debuginfo< 115.14.0-1.el8_6thunderbird-debuginfo-115.14.0-1.el8_6.aarch64.rpm
RedHat8s390xthunderbird-debugsource< 115.14.0-1.el8_6thunderbird-debugsource-115.14.0-1.el8_6.s390x.rpm
RedHat8x86_64thunderbird< 115.14.0-1.el8_6thunderbird-115.14.0-1.el8_6.x86_64.rpm
RedHat8x86_64thunderbird-debuginfo< 115.14.0-1.el8_6thunderbird-debuginfo-115.14.0-1.el8_6.x86_64.rpm
RedHat8s390xthunderbird< 115.14.0-1.el8_6thunderbird-115.14.0-1.el8_6.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	s390x	thunderbird-debuginfo	< 115.14.0-1.el8_6	thunderbird-debuginfo-115.14.0-1.el8_6.s390x.rpm
RedHat	8	ppc64le	thunderbird	< 115.14.0-1.el8_6	thunderbird-115.14.0-1.el8_6.ppc64le.rpm
RedHat	8	aarch64	thunderbird-debugsource	< 115.14.0-1.el8_6	thunderbird-debugsource-115.14.0-1.el8_6.aarch64.rpm
RedHat	8	ppc64le	thunderbird-debuginfo	< 115.14.0-1.el8_6	thunderbird-debuginfo-115.14.0-1.el8_6.ppc64le.rpm
RedHat	8	aarch64	thunderbird	< 115.14.0-1.el8_6	thunderbird-115.14.0-1.el8_6.aarch64.rpm
RedHat	8	aarch64	thunderbird-debuginfo	< 115.14.0-1.el8_6	thunderbird-debuginfo-115.14.0-1.el8_6.aarch64.rpm
RedHat	8	s390x	thunderbird-debugsource	< 115.14.0-1.el8_6	thunderbird-debugsource-115.14.0-1.el8_6.s390x.rpm
RedHat	8	x86_64	thunderbird	< 115.14.0-1.el8_6	thunderbird-115.14.0-1.el8_6.x86_64.rpm
RedHat	8	x86_64	thunderbird-debuginfo	< 115.14.0-1.el8_6	thunderbird-debuginfo-115.14.0-1.el8_6.x86_64.rpm
RedHat	8	s390x	thunderbird	< 115.14.0-1.el8_6	thunderbird-115.14.0-1.el8_6.s390x.rpm