[ALSA-2024:8790] Moderate: thunderbird security update
Type:
security
Severity:
moderate
Release date:
2024-11-04
Description:
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser (CVE-2024-10464) * firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response (CVE-2024-10461) * firefox: thunderbird: Permission leak via embed or object elements (CVE-2024-10458) * firefox: thunderbird: Use-after-free in layout with accessibility (CVE-2024-10459) * firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 (CVE-2024-10467) * firefox: thunderbird: Clipboard "paste" button persisted across tabs (CVE-2024-10465) * firefox: DOM push subscription message could hang Firefox (CVE-2024-10466) * firefox: thunderbird: Cross origin video frame leak (CVE-2024-10463) * firefox: thunderbird: Origin of permission prompt could be spoofed by long URL (CVE-2024-10462) * firefox: thunderbird: Confusing display of origin for external protocol handler prompt (CVE-2024-10460) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 thunderbird-128.4.0-1.el8_10.alma.1.aarch64.rpm 95a33a5db963c2d6e39f6d11e136d8e841c607e117d57800232120e1f0023791
ppc64le thunderbird-128.4.0-1.el8_10.alma.1.ppc64le.rpm 14a1ff22df045f6414a2c110e878d6f0ee68925c13aa1d6c1e0dbaef91f3cbc3
s390x thunderbird-128.4.0-1.el8_10.alma.1.s390x.rpm a68397076f3bb76210a823a6db9d43021d4173e2ad0ad81ca0ef34ee84820a58
x86_64 thunderbird-128.4.0-1.el8_10.alma.1.x86_64.rpm 685bc015e2a34288236c92a0a31bc5ac1f130e4ba791a9b88dd65aa7ad2318fd
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.