Skip to navigation

Security Advisory Critical: thunderbird security update

Advisory: RHSA-2011:1342-1
Type: Security Advisory
Severity: Critical
Issued on: 2011-09-28
Last updated on: 2011-09-28
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.1.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-2372
CVE-2011-2995
CVE-2011-2998
CVE-2011-2999
CVE-2011-3000

Details

An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content. An
HTML mail message containing malicious content could cause Thunderbird to
crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2011-2995)

A flaw was found in the way Thunderbird processed the "Enter" keypress
event. A malicious HTML mail message could present a download dialog while
the key is pressed, activating the default "Open" action. A remote attacker
could exploit this vulnerability by causing the mail client to open
malicious web content. (CVE-2011-2372)

A flaw was found in the way Thunderbird handled Location headers in
redirect responses. Two copies of this header with different values could
be a symptom of a CRLF injection attack against a vulnerable server.
Thunderbird now treats two copies of the Location, Content-Length, or
Content-Disposition header as an error condition. (CVE-2011-3000)

A flaw was found in the way Thunderbird handled frame objects with certain
names. An attacker could use this flaw to cause a plug-in to grant its
content access to another site or the local file system, violating the
same-origin policy. (CVE-2011-2999)

An integer underflow flaw was found in the way Thunderbird handled large
JavaScript regular expressions. An HTML mail message containing malicious
JavaScript could cause Thunderbird to access already freed memory, causing
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2011-2998)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

IA-32:
thunderbird-3.1.15-1.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: b91a2318f9becb23d97a26c53612cb42
SHA-256: a44f0f758a0dfe7b36654937429c55c2d6149fbec8ad9f1efb02d029d4cf14a3
thunderbird-debuginfo-3.1.15-1.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: ebeb3fcf5c3096b773fb4e8cd678d5f9
SHA-256: 46a328abce7eadc666ea48d0920063e71d393588509f58fda2096be63b466123
 
x86_64:
thunderbird-3.1.15-1.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: dbf777997af509099ed0fea7bc584b66
SHA-256: e2b1b7a490803ca027f9fff885ec21373cb26e301c47e1061e2b6bad4c4fa9e1
thunderbird-debuginfo-3.1.15-1.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 78f7e86c8418b05f3f309d56bd33af93
SHA-256: 3e2fcd6a614143eff55fb89bf41991503c3eb3c38531633af08f28e3029d00d9
 
Red Hat Enterprise Linux Server (v. 6)

IA-32:
thunderbird-3.1.15-1.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: b91a2318f9becb23d97a26c53612cb42
SHA-256: a44f0f758a0dfe7b36654937429c55c2d6149fbec8ad9f1efb02d029d4cf14a3
thunderbird-debuginfo-3.1.15-1.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: ebeb3fcf5c3096b773fb4e8cd678d5f9
SHA-256: 46a328abce7eadc666ea48d0920063e71d393588509f58fda2096be63b466123
 
PPC:
thunderbird-3.1.15-1.el6_1.ppc64.rpm
File outdated by:  RHSA-2014:0316
    MD5: c0c0c1741d17dbefcf7d1eaa13802bce
SHA-256: d98536c2f01575e8ff2c22e18591dbb05bf115fa01dffacfc209233a2c6a07a5
thunderbird-debuginfo-3.1.15-1.el6_1.ppc64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 79f479378a7d6475a682760737ea7258
SHA-256: b6fc35b1ca33d71fe48d25d3cc72301cb2707f30cc2c264e3dc176e9356d8a15
 
s390x:
thunderbird-3.1.15-1.el6_1.s390x.rpm
File outdated by:  RHSA-2014:0316
    MD5: 6f4cc8679d0d6d90b1ca59e59e6d43f8
SHA-256: d43e314c76c12613e126bd7b3501dacffc36d9d9feec01a7357134743eb33b0f
thunderbird-debuginfo-3.1.15-1.el6_1.s390x.rpm
File outdated by:  RHSA-2014:0316
    MD5: 8c7f339c08a5f43859363039816ee42a
SHA-256: 243f8aaf3a22e3182a107035372e74321503843b07ea286401cf2dc9a5b0bcf7
 
x86_64:
thunderbird-3.1.15-1.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: dbf777997af509099ed0fea7bc584b66
SHA-256: e2b1b7a490803ca027f9fff885ec21373cb26e301c47e1061e2b6bad4c4fa9e1
thunderbird-debuginfo-3.1.15-1.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 78f7e86c8418b05f3f309d56bd33af93
SHA-256: 3e2fcd6a614143eff55fb89bf41991503c3eb3c38531633af08f28e3029d00d9
 
Red Hat Enterprise Linux Server EUS (v. 6.1.z)

IA-32:
thunderbird-3.1.15-1.el6_1.i686.rpm
File outdated by:  RHSA-2011:1439
    MD5: b91a2318f9becb23d97a26c53612cb42
SHA-256: a44f0f758a0dfe7b36654937429c55c2d6149fbec8ad9f1efb02d029d4cf14a3
thunderbird-debuginfo-3.1.15-1.el6_1.i686.rpm
File outdated by:  RHSA-2011:1439
    MD5: ebeb3fcf5c3096b773fb4e8cd678d5f9
SHA-256: 46a328abce7eadc666ea48d0920063e71d393588509f58fda2096be63b466123
 
PPC:
thunderbird-3.1.15-1.el6_1.ppc64.rpm
File outdated by:  RHSA-2011:1439
    MD5: c0c0c1741d17dbefcf7d1eaa13802bce
SHA-256: d98536c2f01575e8ff2c22e18591dbb05bf115fa01dffacfc209233a2c6a07a5
thunderbird-debuginfo-3.1.15-1.el6_1.ppc64.rpm
File outdated by:  RHSA-2011:1439
    MD5: 79f479378a7d6475a682760737ea7258
SHA-256: b6fc35b1ca33d71fe48d25d3cc72301cb2707f30cc2c264e3dc176e9356d8a15
 
s390x:
thunderbird-3.1.15-1.el6_1.s390x.rpm
File outdated by:  RHSA-2011:1439
    MD5: 6f4cc8679d0d6d90b1ca59e59e6d43f8
SHA-256: d43e314c76c12613e126bd7b3501dacffc36d9d9feec01a7357134743eb33b0f
thunderbird-debuginfo-3.1.15-1.el6_1.s390x.rpm
File outdated by:  RHSA-2011:1439
    MD5: 8c7f339c08a5f43859363039816ee42a
SHA-256: 243f8aaf3a22e3182a107035372e74321503843b07ea286401cf2dc9a5b0bcf7
 
x86_64:
thunderbird-3.1.15-1.el6_1.x86_64.rpm
File outdated by:  RHSA-2011:1439
    MD5: dbf777997af509099ed0fea7bc584b66
SHA-256: e2b1b7a490803ca027f9fff885ec21373cb26e301c47e1061e2b6bad4c4fa9e1
thunderbird-debuginfo-3.1.15-1.el6_1.x86_64.rpm
File outdated by:  RHSA-2011:1439
    MD5: 78f7e86c8418b05f3f309d56bd33af93
SHA-256: 3e2fcd6a614143eff55fb89bf41991503c3eb3c38531633af08f28e3029d00d9
 
Red Hat Enterprise Linux Workstation (v. 6)

IA-32:
thunderbird-3.1.15-1.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: b91a2318f9becb23d97a26c53612cb42
SHA-256: a44f0f758a0dfe7b36654937429c55c2d6149fbec8ad9f1efb02d029d4cf14a3
thunderbird-debuginfo-3.1.15-1.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: ebeb3fcf5c3096b773fb4e8cd678d5f9
SHA-256: 46a328abce7eadc666ea48d0920063e71d393588509f58fda2096be63b466123
 
x86_64:
thunderbird-3.1.15-1.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: dbf777997af509099ed0fea7bc584b66
SHA-256: e2b1b7a490803ca027f9fff885ec21373cb26e301c47e1061e2b6bad4c4fa9e1
thunderbird-debuginfo-3.1.15-1.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 78f7e86c8418b05f3f309d56bd33af93
SHA-256: 3e2fcd6a614143eff55fb89bf41991503c3eb3c38531633af08f28e3029d00d9
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

741902 - CVE-2011-2995 Mozilla: Miscellaneous memory safety hazards (MFSA 2011-36)
741904 - CVE-2011-2999 Mozilla: XSS via plugins and shadowed window.location object (MFSA 2011-38)
741905 - CVE-2011-3000 Mozilla:Defense against multiple Location headers due to CRLF Injection (MFSA 2011-39)
741917 - CVE-2011-2372 Mozilla:Code installation through holding down Enter (MFSA 2011-40)
741924 - CVE-2011-2998 Mozilla: Integer underflow when using JavaScript RegExp (MFSA 2011-37)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/