(RHSA-2024:6683) Important: thunderbird security update

2024-09-1611:10:47

access.redhat.com

mozilla thunderbird

standalone mail client

security fix

type confusion

cve-2024-8381

cve-2024-8382

cve-2024-8384

cve-2024-8385

cve-2024-8386

cve-2024-8387

cve-2024-8394

cve-2024-7652

unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

JSON

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

thunderbird: 115.15/128.2 ()
mozilla: Type confusion when looking up a property name in a "with" block (CVE-2024-8381)
mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)
mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)
mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)
mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)
mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)
thunderbird: Crash when aborting verification of OTR chat (CVE-2024-8394)
mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat9s390xthunderbird-debugsource< 128.2.0-1.el9_4thunderbird-debugsource-128.2.0-1.el9_4.s390x.rpm
RedHat9x86_64thunderbird-debugsource< 128.2.0-1.el9_4thunderbird-debugsource-128.2.0-1.el9_4.x86_64.rpm
RedHat9x86_64thunderbird< 128.2.0-1.el9_4thunderbird-128.2.0-1.el9_4.x86_64.rpm
RedHat9aarch64thunderbird-debuginfo< 128.2.0-1.el9_4thunderbird-debuginfo-128.2.0-1.el9_4.aarch64.rpm
RedHat9x86_64thunderbird-debuginfo< 128.2.0-1.el9_4thunderbird-debuginfo-128.2.0-1.el9_4.x86_64.rpm
RedHat9ppc64lethunderbird-debuginfo< 128.2.0-1.el9_4thunderbird-debuginfo-128.2.0-1.el9_4.ppc64le.rpm
RedHat9ppc64lethunderbird< 128.2.0-1.el9_4thunderbird-128.2.0-1.el9_4.ppc64le.rpm
RedHat9s390xthunderbird< 128.2.0-1.el9_4thunderbird-128.2.0-1.el9_4.s390x.rpm
RedHat9aarch64thunderbird-debugsource< 128.2.0-1.el9_4thunderbird-debugsource-128.2.0-1.el9_4.aarch64.rpm
RedHat9ppc64lethunderbird-debugsource< 128.2.0-1.el9_4thunderbird-debugsource-128.2.0-1.el9_4.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	9	s390x	thunderbird-debugsource	< 128.2.0-1.el9_4	thunderbird-debugsource-128.2.0-1.el9_4.s390x.rpm
RedHat	9	x86_64	thunderbird-debugsource	< 128.2.0-1.el9_4	thunderbird-debugsource-128.2.0-1.el9_4.x86_64.rpm
RedHat	9	x86_64	thunderbird	< 128.2.0-1.el9_4	thunderbird-128.2.0-1.el9_4.x86_64.rpm
RedHat	9	aarch64	thunderbird-debuginfo	< 128.2.0-1.el9_4	thunderbird-debuginfo-128.2.0-1.el9_4.aarch64.rpm
RedHat	9	x86_64	thunderbird-debuginfo	< 128.2.0-1.el9_4	thunderbird-debuginfo-128.2.0-1.el9_4.x86_64.rpm
RedHat	9	ppc64le	thunderbird-debuginfo	< 128.2.0-1.el9_4	thunderbird-debuginfo-128.2.0-1.el9_4.ppc64le.rpm
RedHat	9	ppc64le	thunderbird	< 128.2.0-1.el9_4	thunderbird-128.2.0-1.el9_4.ppc64le.rpm
RedHat	9	s390x	thunderbird	< 128.2.0-1.el9_4	thunderbird-128.2.0-1.el9_4.s390x.rpm
RedHat	9	aarch64	thunderbird-debugsource	< 128.2.0-1.el9_4	thunderbird-debugsource-128.2.0-1.el9_4.aarch64.rpm
RedHat	9	ppc64le	thunderbird-debugsource	< 128.2.0-1.el9_4	thunderbird-debugsource-128.2.0-1.el9_4.ppc64le.rpm