[ALSA-2024:0963] Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2024-02-28
Description:
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fix(es): * Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546) * Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547) * Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553) * Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548) * Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549) * Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550) * Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551) * Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 thunderbird-115.8.0-1.el9_3.alma.aarch64.rpm df038211b27d5b2a5790c4067ed68ea6ca648ecaa6cb0a3d6bc53ea192998dc8
ppc64le thunderbird-115.8.0-1.el9_3.alma.ppc64le.rpm 231ac4ceda7eaccedd665d30a4f2ac1f76601395f951868e37c93395d4faeb63
s390x thunderbird-115.8.0-1.el9_3.alma.s390x.rpm a55928bed8677be281530ed99b6b9c5a261a2277a83ecdbe3bd29ee521d42db4
x86_64 thunderbird-115.8.0-1.el9_3.alma.x86_64.rpm 700ae1ba5e311f0dbfeb4d2838e03d6c23e375b9f379eff347d06c7cca4eb7d4
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.