[ALSA-2024:1493] Moderate: thunderbird security update
Type:
security
Severity:
moderate
Release date:
2024-04-10
Description:
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fix(es): * nss: timing attack against RSA decryption (CVE-2023-5388) * Mozilla: Crash in NSS TLS method (CVE-2024-0743) * Mozilla: Leaking of encrypted email subjects to other conversations (CVE-2024-1936) * Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607) * Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608) * Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610) * Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611) * Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612) * Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 thunderbird-115.9.0-1.el9_3.alma.1.aarch64.rpm e1a2882e8ec1455dd1b099b403eb6881dac8f30f63ef3ceddfcf0b1ca44753e0
ppc64le thunderbird-115.9.0-1.el9_3.alma.1.ppc64le.rpm cafc8bc259da3b490d32cccf357bd8a50ea87dadb3c10c427e0d4f54c07de060
s390x thunderbird-115.9.0-1.el9_3.alma.1.s390x.rpm f1454e0e57fac02e6bed07f77a4ecf54de3c81c21f0cbcdfc0207693333933e8
x86_64 thunderbird-115.9.0-1.el9_3.alma.1.x86_64.rpm 1e1cfa46fa373e9b7f052c3e2a9ac8999fbbe3aa64ff1df0d7eb775edb45fb7b
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.