Security Advisory Critical: thunderbird security update

Advisory: RHSA-2011:1165-1
Type: Security Advisory
Severity: Critical
Issued on: 2011-08-16
Last updated on: 2011-08-16
Affected Products: RHEL Optional Productivity Applications (v. 5 server)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2011-2982
CVE-2011-2983

Details

An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content.
Malicious HTML content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2011-2982)

A flaw was found in the way Thunderbird handled malformed JavaScript.
Malicious content could cause Thunderbird to access already freed memory,
causing Thunderbird to crash or, potentially, execute arbitrary code with
the privileges of the user running Thunderbird. (CVE-2011-2983)

Note: This update disables support for Scalable Vector Graphics (SVG)
images in Thunderbird on Red Hat Enterprise Linux 5.

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
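
A post-update check, added here as an example (it is not Red Hat's code): it compares an installed thunderbird version and release against the fixed builds listed in this advisory, using a simplified form of rpm's segment-wise version comparison. It assumes the epoch is unchanged and that the input comes from `rpm -q --qf '%{VERSION} %{RELEASE}\n' thunderbird`; the function names and sample values are constructed for illustration.

```python
import re

# Fixed builds named in this advisory, keyed by the dist tag in the release.
FIXED = {"el5": ("2.0.0.24", "21.el5"), "el4": ("1.5.0.12", "40.el4")}

def _segments(s):
    # rpm compares maximal runs of digits or of letters; separators are ignored.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 (simplified rpm ordering, no '~' or '^' handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 12 > 9
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with extra segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def needs_update(version, release):
    """True if the installed version-release predates the fixed build."""
    m = re.search(r"\.(el[0-9]+)", release)
    if not m or m.group(1) not in FIXED:
        raise ValueError(f"release {release!r} is not covered by this advisory")
    fixed_version, fixed_release = FIXED[m.group(1)]
    c = rpmvercmp(version, fixed_version)
    if c == 0:
        c = rpmvercmp(release, fixed_release)
    return c < 0

# Constructed sample input (VERSION, RELEASE pairs), not taken from a real host.
SAMPLE = [("2.0.0.24", "18.el5"), ("2.0.0.24", "21.el5"),
          ("1.5.0.9", "40.el4"), ("2.0.0.24", "21.el5_7")]

if __name__ == "__main__":
    for version, release in SAMPLE:
        state = "NEEDS UPDATE" if needs_update(version, release) else "ok"
        print(f"thunderbird-{version}-{release}: {state}")
```

A host that reports "ok" still runs the old code until every Thunderbird process started before the update has been restarted.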

Updated packages

RHEL Optional Productivity Applications (v. 5 server)

SRPMS:
thunderbird-2.0.0.24-21.el5.src.rpm
File outdated by:  RHSA-2014:0316

IA-32:
thunderbird-2.0.0.24-21.el5.i386.rpm
File outdated by:  RHSA-2014:0316

x86_64:
thunderbird-2.0.0.24-21.el5.x86_64.rpm
File outdated by:  RHSA-2014:0316
 
Red Hat Desktop (v. 4)

SRPMS:
thunderbird-1.5.0.12-40.el4.src.rpm
File outdated by:  RHSA-2012:0085

IA-32:
thunderbird-1.5.0.12-40.el4.i386.rpm
File outdated by:  RHSA-2012:0085

x86_64:
thunderbird-1.5.0.12-40.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
thunderbird-1.5.0.12-40.el4.src.rpm
File outdated by:  RHSA-2012:0085

IA-32:
thunderbird-1.5.0.12-40.el4.i386.rpm
File outdated by:  RHSA-2012:0085

IA-64:
thunderbird-1.5.0.12-40.el4.ia64.rpm
File outdated by:  RHSA-2012:0085

PPC:
thunderbird-1.5.0.12-40.el4.ppc.rpm
File outdated by:  RHSA-2012:0085

s390:
thunderbird-1.5.0.12-40.el4.s390.rpm
File outdated by:  RHSA-2012:0085

s390x:
thunderbird-1.5.0.12-40.el4.s390x.rpm
File outdated by:  RHSA-2012:0085

x86_64:
thunderbird-1.5.0.12-40.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
thunderbird-2.0.0.24-21.el5.src.rpm
File outdated by:  RHSA-2014:0316

IA-32:
thunderbird-2.0.0.24-21.el5.i386.rpm
File outdated by:  RHSA-2014:0316

x86_64:
thunderbird-2.0.0.24-21.el5.x86_64.rpm
File outdated by:  RHSA-2014:0316
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
thunderbird-1.5.0.12-40.el4.src.rpm
File outdated by:  RHSA-2012:0085

IA-32:
thunderbird-1.5.0.12-40.el4.i386.rpm
File outdated by:  RHSA-2012:0085

IA-64:
thunderbird-1.5.0.12-40.el4.ia64.rpm
File outdated by:  RHSA-2012:0085

x86_64:
thunderbird-1.5.0.12-40.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
thunderbird-1.5.0.12-40.el4.src.rpm
File outdated by:  RHSA-2012:0085

IA-32:
thunderbird-1.5.0.12-40.el4.i386.rpm
File outdated by:  RHSA-2012:0085

IA-64:
thunderbird-1.5.0.12-40.el4.ia64.rpm
File outdated by:  RHSA-2012:0085

x86_64:
thunderbird-1.5.0.12-40.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

730518 - CVE-2011-2982 Mozilla: Miscellaneous memory safety hazards
730523 - CVE-2011-2983 Mozilla: Private data leakage using RegExp.input


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/