Security Advisory Moderate: thunderbird security update

Advisory: RHSA-2011:0312-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-03-01
Last updated on: 2011-03-01
Affected Products: RHEL Optional Productivity Applications (v. 5 server)
RHEL Optional Productivity Applications EUS (v. 5.6.z server)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2011-0051
CVE-2011-0053

Details

An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content.
Malicious HTML content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-0051, CVE-2011-0053)

Note: JavaScript support is disabled by default in Thunderbird. The above
issues are not exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Optional Productivity Applications (v. 5 server)

SRPMS:
thunderbird-2.0.0.24-14.el5_6.src.rpm
File outdated by:  RHSA-2011:0887
 
IA-32:
thunderbird-2.0.0.24-14.el5_6.i386.rpm
File outdated by:  RHSA-2014:0316
 
x86_64:
thunderbird-2.0.0.24-14.el5_6.x86_64.rpm
File outdated by:  RHSA-2014:0316
 
RHEL Optional Productivity Applications EUS (v. 5.6.z server)

SRPMS:
thunderbird-2.0.0.24-14.el5_6.src.rpm
File outdated by:  RHSA-2011:0887
 
IA-32:
thunderbird-2.0.0.24-14.el5_6.i386.rpm
File outdated by:  RHSA-2011:0887
 
x86_64:
thunderbird-2.0.0.24-14.el5_6.x86_64.rpm
File outdated by:  RHSA-2011:0887
 
Red Hat Desktop (v. 4)

SRPMS:
thunderbird-1.5.0.12-35.el4.src.rpm
File outdated by:  RHSA-2012:0085
 
IA-32:
thunderbird-1.5.0.12-35.el4.i386.rpm
File outdated by:  RHSA-2012:0085
 
x86_64:
thunderbird-1.5.0.12-35.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
thunderbird-1.5.0.12-35.el4.src.rpm
File outdated by:  RHSA-2012:0085
 
IA-32:
thunderbird-1.5.0.12-35.el4.i386.rpm
File outdated by:  RHSA-2012:0085
 
IA-64:
thunderbird-1.5.0.12-35.el4.ia64.rpm
File outdated by:  RHSA-2012:0085
 
PPC:
thunderbird-1.5.0.12-35.el4.ppc.rpm
File outdated by:  RHSA-2012:0085
 
s390:
thunderbird-1.5.0.12-35.el4.s390.rpm
File outdated by:  RHSA-2012:0085
 
s390x:
thunderbird-1.5.0.12-35.el4.s390x.rpm
File outdated by:  RHSA-2012:0085
 
x86_64:
thunderbird-1.5.0.12-35.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
 
Red Hat Enterprise Linux AS (v. 4.8.z)

SRPMS:
thunderbird-1.5.0.12-35.el4.src.rpm
File outdated by:  RHSA-2012:0085
 
IA-32:
thunderbird-1.5.0.12-35.el4.i386.rpm
File outdated by:  RHSA-2011:0887
 
IA-64:
thunderbird-1.5.0.12-35.el4.ia64.rpm
File outdated by:  RHSA-2011:0887
 
PPC:
thunderbird-1.5.0.12-35.el4.ppc.rpm
File outdated by:  RHSA-2011:0887
 
s390:
thunderbird-1.5.0.12-35.el4.s390.rpm
File outdated by:  RHSA-2011:0887
 
s390x:
thunderbird-1.5.0.12-35.el4.s390x.rpm
File outdated by:  RHSA-2011:0887
 
x86_64:
thunderbird-1.5.0.12-35.el4.x86_64.rpm
File outdated by:  RHSA-2011:0887
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
thunderbird-2.0.0.24-14.el5_6.src.rpm
File outdated by:  RHSA-2011:0887
 
IA-32:
thunderbird-2.0.0.24-14.el5_6.i386.rpm
File outdated by:  RHSA-2014:0316
 
x86_64:
thunderbird-2.0.0.24-14.el5_6.x86_64.rpm
File outdated by:  RHSA-2014:0316
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
thunderbird-1.5.0.12-35.el4.src.rpm
File outdated by:  RHSA-2012:0085
 
IA-32:
thunderbird-1.5.0.12-35.el4.i386.rpm
File outdated by:  RHSA-2012:0085
 
IA-64:
thunderbird-1.5.0.12-35.el4.ia64.rpm
File outdated by:  RHSA-2012:0085
 
x86_64:
thunderbird-1.5.0.12-35.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
 
Red Hat Enterprise Linux ES (v. 4.8.z)

SRPMS:
thunderbird-1.5.0.12-35.el4.src.rpm
File outdated by:  RHSA-2012:0085
 
IA-32:
thunderbird-1.5.0.12-35.el4.i386.rpm
File outdated by:  RHSA-2011:0887
 
IA-64:
thunderbird-1.5.0.12-35.el4.ia64.rpm
File outdated by:  RHSA-2011:0887
 
x86_64:
thunderbird-1.5.0.12-35.el4.x86_64.rpm
File outdated by:  RHSA-2011:0887
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
thunderbird-1.5.0.12-35.el4.src.rpm
File outdated by:  RHSA-2012:0085
 
IA-32:
thunderbird-1.5.0.12-35.el4.i386.rpm
File outdated by:  RHSA-2012:0085
 
IA-64:
thunderbird-1.5.0.12-35.el4.ia64.rpm
File outdated by:  RHSA-2012:0085
 
x86_64:
thunderbird-1.5.0.12-35.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

675082 - CVE-2011-0053 Mozilla miscellaneous memory safety hazards (MFSA 2011-01)
675087 - CVE-2011-0051 Mozilla recursive eval call causes confirm dialog to evaluate to true (MFSA 2011-02)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/