Security Advisory Critical: thunderbird security update

Advisory: RHSA-2011:1166-1
Type: Security Advisory
Severity: Critical
Issued on: 2011-08-16
Last updated on: 2011-08-16
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
                   Red Hat Enterprise Linux Server (v. 6)
                   Red Hat Enterprise Linux Server EUS (v. 6.1.z)
                   Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-0084
                      CVE-2011-2378
                      CVE-2011-2982

Details

An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content.
Malicious HTML content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-2982)

A dangling pointer flaw was found in the Thunderbird Scalable Vector
Graphics (SVG) text manipulation routine. An HTML mail message containing a
malicious SVG image could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-0084)

A dangling pointer flaw was found in the way Thunderbird handled a certain
Document Object Model (DOM) element. An HTML mail message containing
malicious content could cause Thunderbird to crash or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-2378)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
thunderbird-3.1.12-1.el6_1.src.rpm
File outdated by:  RHSA-2014:0316

IA-32:
thunderbird-3.1.12-1.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-3.1.12-1.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316

x86_64:
thunderbird-3.1.12-1.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-3.1.12-1.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
thunderbird-3.1.12-1.el6_1.src.rpm
File outdated by:  RHSA-2014:0316

IA-32:
thunderbird-3.1.12-1.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-3.1.12-1.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316

PPC:
thunderbird-3.1.12-1.el6_1.ppc64.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-3.1.12-1.el6_1.ppc64.rpm
File outdated by:  RHSA-2014:0316

s390x:
thunderbird-3.1.12-1.el6_1.s390x.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-3.1.12-1.el6_1.s390x.rpm
File outdated by:  RHSA-2014:0316

x86_64:
thunderbird-3.1.12-1.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-3.1.12-1.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
 
Red Hat Enterprise Linux Server EUS (v. 6.1.z)

SRPMS:
thunderbird-3.1.12-1.el6_1.src.rpm
File outdated by:  RHSA-2014:0316

IA-32:
thunderbird-3.1.12-1.el6_1.i686.rpm
File outdated by:  RHSA-2011:1439
thunderbird-debuginfo-3.1.12-1.el6_1.i686.rpm
File outdated by:  RHSA-2011:1439

PPC:
thunderbird-3.1.12-1.el6_1.ppc64.rpm
File outdated by:  RHSA-2011:1439
thunderbird-debuginfo-3.1.12-1.el6_1.ppc64.rpm
File outdated by:  RHSA-2011:1439

s390x:
thunderbird-3.1.12-1.el6_1.s390x.rpm
File outdated by:  RHSA-2011:1439
thunderbird-debuginfo-3.1.12-1.el6_1.s390x.rpm
File outdated by:  RHSA-2011:1439

x86_64:
thunderbird-3.1.12-1.el6_1.x86_64.rpm
File outdated by:  RHSA-2011:1439
thunderbird-debuginfo-3.1.12-1.el6_1.x86_64.rpm
File outdated by:  RHSA-2011:1439
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
thunderbird-3.1.12-1.el6_1.src.rpm
File outdated by:  RHSA-2014:0316

IA-32:
thunderbird-3.1.12-1.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-3.1.12-1.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316

x86_64:
thunderbird-3.1.12-1.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-3.1.12-1.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
 
(The unlinked packages above are only available from the Red Hat Network)
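
To confirm that hosts actually carry the fixed build listed above, the following added example (not part of the Red Hat advisory) compares collected package inventory against thunderbird-3.1.12-1.el6_1 using RPM-style segment ordering rather than string order. The host names, the sample inventory lines and the assumption that the package has no epoch are constructed for illustration.

```python
import re

# Fixed build named in this advisory. The page shows only version-release,
# so an unset epoch (treated as 0) is an assumption.
PACKAGE = "thunderbird"
FIXED = (0, "3.1.12", "1.el6_1")

# Constructed sample: one line per host, as collected with
#   rpm -q --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH}\n' thunderbird
# prefixed by a hypothetical host name. rpm prints "(none)" for an unset epoch.
SAMPLE = """\
ws-01 thunderbird (none) 3.1.11 2.el6_1 x86_64
ws-02 thunderbird (none) 3.1.12 1.el6_1 x86_64
ws-03 thunderbird (none) 3.1.9 3.el6_0 i686
ws-04 thunderbird (none) 3.1.12 1.el6_1.1 x86_64
ws-05 firefox (none) 3.6.20 2.el6_1 x86_64
"""

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Segment-wise comparison following rpm's ordering rules (no ~ or ^ support)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric: 9 < 12, unlike string order
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segments win

def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples; returns -1, 0 or 1."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

def unpatched(inventory):
    """Return hosts whose installed thunderbird is older than the fixed build."""
    hosts = []
    for line in inventory.splitlines():
        host, name, epoch, version, release, _arch = line.split()
        installed = (0 if epoch == "(none)" else int(epoch), version, release)
        if name == PACKAGE and evr_cmp(installed, FIXED) < 0:
            hosts.append(host)
    return hosts

if __name__ == "__main__":
    print("hosts still needing RHSA-2011:1166:", unpatched(SAMPLE))
```

A host that passes this check still runs the old code until every Thunderbird instance on it has been restarted, as the advisory notes.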

Bugs fixed (see bugzilla for more information)

730518 - CVE-2011-2982 Mozilla: Miscellaneous memory safety hazards
730519 - CVE-2011-0084 Mozilla: Crash in SVGTextElement.getCharNumAtPosition()
730521 - CVE-2011-2378 Mozilla: Dangling pointer vulnerability in appendChild


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/