Skip to navigation

Security Advisory Critical: thunderbird security update

Advisory: RHSA-2012:0080-1
Type: Security Advisory
Severity: Critical
Issued on: 2012-01-31
Last updated on: 2012-01-31
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.2)
Red Hat Enterprise Linux Server EUS (v. 6.2.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-3659
CVE-2011-3670
CVE-2012-0442
CVE-2012-0449

Details

An updated thunderbird package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

A use-after-free flaw was found in the way Thunderbird removed
nsDOMAttribute child nodes. In certain circumstances, due to the premature
notification of AttributeChildRemoved, a malicious script could possibly
use this flaw to cause Thunderbird to crash or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-3659)

Several flaws were found in the processing of malformed content. An HTML
mail message containing malicious content could cause Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2012-0442)

A flaw was found in the way Thunderbird parsed certain Scalable Vector
Graphics (SVG) image files that contained eXtensible Style Sheet Language
Transformations (XSLT). An HTML mail message containing a malicious SVG
image file could cause Thunderbird to crash or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2012-0449)

The same-origin policy in Thunderbird treated http://example.com and
http://[example.com] as interchangeable. A malicious script could possibly
use this flaw to gain access to sensitive information (such as a client's
IP and user e-mail address, or httpOnly cookies) that may be included in
HTTP proxy error replies, generated in response to invalid URLs using
square brackets. (CVE-2011-3670)

Note: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited by a
specially-crafted HTML mail message as JavaScript is disabled by default
for mail messages. It could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 3.1.18. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to these updated packages, which
contain Thunderbird version 3.1.18, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
thunderbird-3.1.18-1.el6_2.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: 92e1f511d66fdda3266c78ac867374a4
SHA-256: 196ec8641b488a45391a0c08268091b818b3af392fbc7fe2551cafb8972a20da
 
IA-32:
thunderbird-3.1.18-1.el6_2.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: b9a87ed21c32acea3c42bc3f71241cff
SHA-256: 132a5f069ba8fad9fa773caa258237b8c520dc9bfb0bbbceccd15d83665b7ecb
thunderbird-debuginfo-3.1.18-1.el6_2.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: 74de6c4465681d7d5117d0f07ef2e426
SHA-256: 7504bf7dabdddf336132c804a33b10613297861a2c84db5669b75a64b3f01296
 
x86_64:
thunderbird-3.1.18-1.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: e15c37f66dd66e8feabc8a5cc97a9a43
SHA-256: eb204aef87be9e3018e2370f70ac57a67dabb9fc9db8d78e81ef3ac38d73ba9b
thunderbird-debuginfo-3.1.18-1.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 3133b338533108e81efc4e65a1426a17
SHA-256: 35c82f41bd0aa9a5649f998137e303752065c6710c35987e59170edc716bd04e
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
thunderbird-3.1.18-1.el6_2.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: 92e1f511d66fdda3266c78ac867374a4
SHA-256: 196ec8641b488a45391a0c08268091b818b3af392fbc7fe2551cafb8972a20da
 
IA-32:
thunderbird-3.1.18-1.el6_2.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: b9a87ed21c32acea3c42bc3f71241cff
SHA-256: 132a5f069ba8fad9fa773caa258237b8c520dc9bfb0bbbceccd15d83665b7ecb
thunderbird-debuginfo-3.1.18-1.el6_2.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: 74de6c4465681d7d5117d0f07ef2e426
SHA-256: 7504bf7dabdddf336132c804a33b10613297861a2c84db5669b75a64b3f01296
 
PPC:
thunderbird-3.1.18-1.el6_2.ppc64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 2c8a0b4a2a6b234933377ee0ef2039cd
SHA-256: f54ce9b4ac5b581b3786d0220152553a66860865b98e531c49419020dfc93930
thunderbird-debuginfo-3.1.18-1.el6_2.ppc64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 6121b466a063766bd4e50f37fa272e45
SHA-256: 182b5a514a032b00e286ce3da109333cecd04b2e5ea657ceaf5d99c7651c8ff6
 
s390x:
thunderbird-3.1.18-1.el6_2.s390x.rpm
File outdated by:  RHSA-2014:0316
    MD5: 73add509a0e347cfb474b6e75378dcc5
SHA-256: 100c3872ccbfd3210761d87e1439bf44a0531f4527d1be644f0433c0ca37b52e
thunderbird-debuginfo-3.1.18-1.el6_2.s390x.rpm
File outdated by:  RHSA-2014:0316
    MD5: 8c295aa664b0eb19d74c858f4d1bb0f6
SHA-256: 4c5c4e1c625f27ab6710e9c1bed2fe06b6b96fe07f5325b17f3356b1c260d4b7
 
x86_64:
thunderbird-3.1.18-1.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: e15c37f66dd66e8feabc8a5cc97a9a43
SHA-256: eb204aef87be9e3018e2370f70ac57a67dabb9fc9db8d78e81ef3ac38d73ba9b
thunderbird-debuginfo-3.1.18-1.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 3133b338533108e81efc4e65a1426a17
SHA-256: 35c82f41bd0aa9a5649f998137e303752065c6710c35987e59170edc716bd04e
 
Red Hat Enterprise Linux Server AUS (v. 6.2)

SRPMS:
thunderbird-3.1.18-1.el6_2.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: 92e1f511d66fdda3266c78ac867374a4
SHA-256: 196ec8641b488a45391a0c08268091b818b3af392fbc7fe2551cafb8972a20da
 
x86_64:
thunderbird-3.1.18-1.el6_2.x86_64.rpm
File outdated by:  RHSA-2012:0715
    MD5: e15c37f66dd66e8feabc8a5cc97a9a43
SHA-256: eb204aef87be9e3018e2370f70ac57a67dabb9fc9db8d78e81ef3ac38d73ba9b
thunderbird-debuginfo-3.1.18-1.el6_2.x86_64.rpm
File outdated by:  RHSA-2012:0715
    MD5: 3133b338533108e81efc4e65a1426a17
SHA-256: 35c82f41bd0aa9a5649f998137e303752065c6710c35987e59170edc716bd04e
 
Red Hat Enterprise Linux Server EUS (v. 6.2.z)

SRPMS:
thunderbird-3.1.18-1.el6_2.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: 92e1f511d66fdda3266c78ac867374a4
SHA-256: 196ec8641b488a45391a0c08268091b818b3af392fbc7fe2551cafb8972a20da
 
IA-32:
thunderbird-3.1.18-1.el6_2.i686.rpm
File outdated by:  RHSA-2012:0715
    MD5: b9a87ed21c32acea3c42bc3f71241cff
SHA-256: 132a5f069ba8fad9fa773caa258237b8c520dc9bfb0bbbceccd15d83665b7ecb
thunderbird-debuginfo-3.1.18-1.el6_2.i686.rpm
File outdated by:  RHSA-2012:0715
    MD5: 74de6c4465681d7d5117d0f07ef2e426
SHA-256: 7504bf7dabdddf336132c804a33b10613297861a2c84db5669b75a64b3f01296
 
PPC:
thunderbird-3.1.18-1.el6_2.ppc64.rpm
File outdated by:  RHSA-2012:0715
    MD5: 2c8a0b4a2a6b234933377ee0ef2039cd
SHA-256: f54ce9b4ac5b581b3786d0220152553a66860865b98e531c49419020dfc93930
thunderbird-debuginfo-3.1.18-1.el6_2.ppc64.rpm
File outdated by:  RHSA-2012:0715
    MD5: 6121b466a063766bd4e50f37fa272e45
SHA-256: 182b5a514a032b00e286ce3da109333cecd04b2e5ea657ceaf5d99c7651c8ff6
 
s390x:
thunderbird-3.1.18-1.el6_2.s390x.rpm
File outdated by:  RHSA-2012:0715
    MD5: 73add509a0e347cfb474b6e75378dcc5
SHA-256: 100c3872ccbfd3210761d87e1439bf44a0531f4527d1be644f0433c0ca37b52e
thunderbird-debuginfo-3.1.18-1.el6_2.s390x.rpm
File outdated by:  RHSA-2012:0715
    MD5: 8c295aa664b0eb19d74c858f4d1bb0f6
SHA-256: 4c5c4e1c625f27ab6710e9c1bed2fe06b6b96fe07f5325b17f3356b1c260d4b7
 
x86_64:
thunderbird-3.1.18-1.el6_2.x86_64.rpm
File outdated by:  RHSA-2012:0715
    MD5: e15c37f66dd66e8feabc8a5cc97a9a43
SHA-256: eb204aef87be9e3018e2370f70ac57a67dabb9fc9db8d78e81ef3ac38d73ba9b
thunderbird-debuginfo-3.1.18-1.el6_2.x86_64.rpm
File outdated by:  RHSA-2012:0715
    MD5: 3133b338533108e81efc4e65a1426a17
SHA-256: 35c82f41bd0aa9a5649f998137e303752065c6710c35987e59170edc716bd04e
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
thunderbird-3.1.18-1.el6_2.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: 92e1f511d66fdda3266c78ac867374a4
SHA-256: 196ec8641b488a45391a0c08268091b818b3af392fbc7fe2551cafb8972a20da
 
IA-32:
thunderbird-3.1.18-1.el6_2.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: b9a87ed21c32acea3c42bc3f71241cff
SHA-256: 132a5f069ba8fad9fa773caa258237b8c520dc9bfb0bbbceccd15d83665b7ecb
thunderbird-debuginfo-3.1.18-1.el6_2.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: 74de6c4465681d7d5117d0f07ef2e426
SHA-256: 7504bf7dabdddf336132c804a33b10613297861a2c84db5669b75a64b3f01296
 
x86_64:
thunderbird-3.1.18-1.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: e15c37f66dd66e8feabc8a5cc97a9a43
SHA-256: eb204aef87be9e3018e2370f70ac57a67dabb9fc9db8d78e81ef3ac38d73ba9b
thunderbird-debuginfo-3.1.18-1.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 3133b338533108e81efc4e65a1426a17
SHA-256: 35c82f41bd0aa9a5649f998137e303752065c6710c35987e59170edc716bd04e
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

785085 - CVE-2012-0442 Mozilla: memory safety hazards in 10.0/1.9.2.26 (MFSA 2012-01)
785464 - CVE-2011-3670 Mozilla: Same-origin bypass using IPv6-like hostname syntax (MFSA 2012-02)
785966 - CVE-2012-0449 Mozilla: Crash when rendering SVG+XSLT (MFSA 2012-08)
786258 - CVE-2011-3659 Mozilla: child nodes from nsDOMAttribute still accessible after removal of nodes (MFSA 2012-04)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/