Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser (CVE-2024-10464)
* firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response (CVE-2024-10461)
* firefox: thunderbird: Permission leak via embed or object elements (CVE-2024-10458)
* firefox: thunderbird: Use-after-free in layout with accessibility (CVE-2024-10459)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 (CVE-2024-10467)
* firefox: thunderbird: Clipboard "paste" button persisted across tabs (CVE-2024-10465)
* firefox: DOM push subscription message could hang Firefox (CVE-2024-10466)
* firefox: thunderbird: Cross origin video frame leak (CVE-2024-10463)
* firefox: thunderbird: Origin of permission prompt could be spoofed by long URL (CVE-2024-10462)
* firefox: thunderbird: Confusing display of origin for external protocol handler prompt (CVE-2024-10460)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture |
Package |
Checksum |
aarch64 |
thunderbird-128.4.0-1.el8_10.alma.1.aarch64.rpm |
95a33a5db963c2d6e39f6d11e136d8e841c607e117d57800232120e1f0023791 |
ppc64le |
thunderbird-128.4.0-1.el8_10.alma.1.ppc64le.rpm |
14a1ff22df045f6414a2c110e878d6f0ee68925c13aa1d6c1e0dbaef91f3cbc3 |
s390x |
thunderbird-128.4.0-1.el8_10.alma.1.s390x.rpm |
a68397076f3bb76210a823a6db9d43021d4173e2ad0ad81ca0ef34ee84820a58 |
x86_64 |
thunderbird-128.4.0-1.el8_10.alma.1.x86_64.rpm |
685bc015e2a34288236c92a0a31bc5ac1f130e4ba791a9b88dd65aa7ad2318fd |