Security Advisory (Critical): thunderbird security update

Advisory: RHSA-2012:1211-1
Type: Security Advisory
Severity: Critical
Issued on: 2012-08-29
Last updated on: 2012-08-29
Affected Products:
  RHEL Optional Productivity Applications (v. 5 server)
  Red Hat Enterprise Linux Desktop (v. 5 client)
  Red Hat Enterprise Linux Desktop (v. 6)
  Red Hat Enterprise Linux Server (v. 6)
  Red Hat Enterprise Linux Server EUS (v. 6.3.z)
  Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2012-1970, CVE-2012-1972, CVE-2012-1973,
  CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957,
  CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962,
  CVE-2012-3963, CVE-2012-3964, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968,
  CVE-2012-3969, CVE-2012-3970, CVE-2012-3972, CVE-2012-3978, CVE-2012-3980

Details

An updated thunderbird package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2012-1970,
CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976,
CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960,
CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)

Content containing a malicious Scalable Vector Graphics (SVG) image file
could cause Thunderbird to crash or, potentially, execute arbitrary code
with the privileges of the user running Thunderbird. (CVE-2012-3969,
CVE-2012-3970)

Two flaws were found in the way Thunderbird rendered certain images using
WebGL. Malicious content could cause Thunderbird to crash or, under certain
conditions, possibly execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2012-3967, CVE-2012-3968)

A flaw was found in the way Thunderbird decoded embedded bitmap images in
Icon Format (ICO) files. Content containing a malicious ICO file could
cause Thunderbird to crash or, under certain conditions, possibly execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2012-3966)
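The ICO flaw above turns on the geometry fields of the bitmap header embedded in the icon. As an added illustration (not Mozilla's decoder or any code from this advisory), here is the kind of validation a decoder should run before it sizes any buffer: it rejects a negative or odd height, a non-positive width, and dimensions whose padded row arithmetic would not fit a 32-bit size. The BITMAPINFOHEADER layout is assumed from the BMP specification, and the sample headers are constructed.

```python
import struct

# BITMAPINFOHEADER: 40 bytes, little-endian.  Inside an ICO directory entry the
# BMP image starts with this header (the 14-byte BITMAPFILEHEADER is absent).
BIH = struct.Struct("<IiiHHIIiiII")
SUPPORTED_BPP = (1, 4, 8, 16, 24, 32)
SIZE_T32 = 1 << 32   # limit of the size arithmetic a 32-bit C decoder would use

def validate_ico_bitmap_header(data: bytes):
    """Return (ok, reason, xor_row_bytes) for a BITMAPINFOHEADER taken from an
    ICO entry.  Illustrative hardening check, not Mozilla's code."""
    if len(data) < BIH.size:
        return False, "truncated header", 0
    size, width, height, planes, bpp, compression = BIH.unpack_from(data)[:6]
    if size != BIH.size or planes != 1 or compression != 0:
        return False, "unexpected header size, planes or compression", 0
    # In an ICO entry the BMP height counts the XOR (colour) rows plus the AND
    # (mask) rows, so it must be positive and even.  A negative height is BMP's
    # "top-down" convention; accepted blindly it becomes a negative row count,
    # which a decoder may then treat as a huge unsigned size or a bad index.
    if height <= 0 or height % 2:
        return False, "height must be positive and even", 0
    if width <= 0:
        return False, "width must be positive", 0
    if bpp not in SUPPORTED_BPP:
        return False, "unsupported bits per pixel", 0
    # Rows are padded to 4 bytes.  Python ints never overflow, so compute the
    # exact buffer size and refuse anything a 32-bit size_t could not hold.
    rows = height // 2
    xor_row = ((width * bpp + 31) // 32) * 4
    and_row = ((width + 31) // 32) * 4
    if (xor_row + and_row) * rows >= SIZE_T32:
        return False, "pixel buffer size would overflow 32 bits", 0
    return True, "ok", xor_row

def make_header(width: int, height: int, bpp: int) -> bytes:
    """Build a minimal BITMAPINFOHEADER (constructed sample input)."""
    return BIH.pack(BIH.size, width, height, 1, bpp, 0, 0, 0, 0, 0, 0)
```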

A flaw was found in the way the "eval" command was handled by the
Thunderbird Error Console. Running "eval" in the Error Console while
viewing malicious content could possibly cause Thunderbird to execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2012-3980)

An out-of-bounds memory read flaw was found in the way Thunderbird used the
format-number feature of XSLT (Extensible Stylesheet Language
Transformations). Malicious content could possibly cause an information
leak, or cause Thunderbird to crash. (CVE-2012-3972)

A flaw was found in the location object implementation in Thunderbird.
Malicious content could use this flaw to possibly allow restricted content
to be loaded. (CVE-2012-3978)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Christian Holler, Jesse Ruderman, John
Schoenick, Vladimir Vukicevic, Daniel Holbert, Abhishek Arya, Frédéric
Hoguin, miaubiz, Arthur Gerkis, Nicolas Grégoire, moz_bug_r_a4, and Colby
Russell as the original reporters of these issues.

Note: None of these issues except CVE-2012-3969 and CVE-2012-3970 can be
exploited by a specially crafted HTML mail message, as JavaScript is disabled
by default for mail messages. They could be exploited another way in
Thunderbird, for example, when viewing the full remote content of an RSS
feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.7 ESR and corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.
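As an added compliance check that is not part of the advisory, the following script decides from the output of `rpm -q thunderbird` whether a RHEL 5 or 6 host is at or beyond the level this update ships. The fixed version-release strings are taken from the package list below; the version comparison is a simplified re-implementation of rpm's rpmvercmp, and the package strings in the tests are constructed.

```python
import re

# Fixed version-release per RHEL major, taken from this advisory's package
# list (epoch is ignored: the RHEL thunderbird packages carry none).
FIXED = {"el5": ("10.0.7", "1.el5_8"), "el6": ("10.0.7", "1.el6_3")}
ARCH_SUFFIX = re.compile(r"\.(x86_64|i[36]86|ppc64|s390x|noarch|src)$")
SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a: str, b: str) -> int:
    """Simplified re-implementation of rpm's rpmvercmp (no tilde/caret
    handling): walk alphanumeric segments, compare numeric segments as
    integers and alpha segments lexically; a numeric segment outranks an
    alpha one; if all shared segments match, the longer string is newer."""
    sa, sb = SEGMENT.findall(a), SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        xnum, ynum = x.isdigit(), y.isdigit()
        if xnum != ynum:
            return 1 if xnum else -1
        if xnum:
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvr(pkg: str):
    """'thunderbird-10.0.7-1.el6_3.x86_64' -> (name, version, release)."""
    name, version, release = ARCH_SUFFIX.sub("", pkg).rsplit("-", 2)
    return name, version, release

def is_fixed(pkg: str):
    """True if the installed thunderbird NVR (as printed by `rpm -q
    thunderbird`) is at or beyond the level this advisory ships, False if
    it is older, None if the dist tag is not one the advisory covers."""
    name, version, release = parse_nvr(pkg)
    if name != "thunderbird":
        raise ValueError("not a thunderbird package: %r" % pkg)
    m = re.search(r"\.el(\d+)", release)
    tag = "el" + m.group(1) if m else None
    if tag not in FIXED:
        return None
    fixed_version, fixed_release = FIXED[tag]
    cmp = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return cmp >= 0
```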


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

RHEL Optional Productivity Applications (v. 5 server)

SRPMS:
thunderbird-10.0.7-1.el5_8.src.rpm
File outdated by: RHSA-2014:0316

IA-32:
thunderbird-10.0.7-1.el5_8.i386.rpm
File outdated by: RHSA-2014:0316
thunderbird-debuginfo-10.0.7-1.el5_8.i386.rpm
File outdated by: RHSA-2014:0316

x86_64:
thunderbird-10.0.7-1.el5_8.x86_64.rpm
File outdated by: RHSA-2014:0316
thunderbird-debuginfo-10.0.7-1.el5_8.x86_64.rpm
File outdated by: RHSA-2014:0316
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
thunderbird-10.0.7-1.el5_8.src.rpm
File outdated by: RHSA-2014:0316

IA-32:
thunderbird-10.0.7-1.el5_8.i386.rpm
File outdated by: RHSA-2014:0316
thunderbird-debuginfo-10.0.7-1.el5_8.i386.rpm
File outdated by: RHSA-2014:0316

x86_64:
thunderbird-10.0.7-1.el5_8.x86_64.rpm
File outdated by: RHSA-2014:0316
thunderbird-debuginfo-10.0.7-1.el5_8.x86_64.rpm
File outdated by: RHSA-2014:0316
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
thunderbird-10.0.7-1.el6_3.src.rpm
File outdated by: RHSA-2014:0316

IA-32:
thunderbird-10.0.7-1.el6_3.i686.rpm
File outdated by: RHSA-2014:0316
thunderbird-debuginfo-10.0.7-1.el6_3.i686.rpm
File outdated by: RHSA-2014:0316

x86_64:
thunderbird-10.0.7-1.el6_3.x86_64.rpm
File outdated by: RHSA-2014:0316
thunderbird-debuginfo-10.0.7-1.el6_3.x86_64.rpm
File outdated by: RHSA-2014:0316
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
thunderbird-10.0.7-1.el6_3.src.rpm
File outdated by: RHSA-2014:0316

IA-32:
thunderbird-10.0.7-1.el6_3.i686.rpm
File outdated by: RHSA-2014:0316
thunderbird-debuginfo-10.0.7-1.el6_3.i686.rpm
File outdated by: RHSA-2014:0316

PPC:
thunderbird-10.0.7-1.el6_3.ppc64.rpm
File outdated by: RHSA-2014:0316
thunderbird-debuginfo-10.0.7-1.el6_3.ppc64.rpm
File outdated by: RHSA-2014:0316

s390x:
thunderbird-10.0.7-1.el6_3.s390x.rpm
File outdated by: RHSA-2014:0316
thunderbird-debuginfo-10.0.7-1.el6_3.s390x.rpm
File outdated by: RHSA-2014:0316

x86_64:
thunderbird-10.0.7-1.el6_3.x86_64.rpm
File outdated by: RHSA-2014:0316
thunderbird-debuginfo-10.0.7-1.el6_3.x86_64.rpm
File outdated by: RHSA-2014:0316
 
Red Hat Enterprise Linux Server EUS (v. 6.3.z)

SRPMS:
thunderbird-10.0.7-1.el6_3.src.rpm
File outdated by: RHSA-2014:0316

IA-32:
thunderbird-10.0.7-1.el6_3.i686.rpm
File outdated by: RHSA-2013:0272
thunderbird-debuginfo-10.0.7-1.el6_3.i686.rpm
File outdated by: RHSA-2013:0272

PPC:
thunderbird-10.0.7-1.el6_3.ppc64.rpm
File outdated by: RHSA-2013:0272
thunderbird-debuginfo-10.0.7-1.el6_3.ppc64.rpm
File outdated by: RHSA-2013:0272

s390x:
thunderbird-10.0.7-1.el6_3.s390x.rpm
File outdated by: RHSA-2013:0272
thunderbird-debuginfo-10.0.7-1.el6_3.s390x.rpm
File outdated by: RHSA-2013:0272

x86_64:
thunderbird-10.0.7-1.el6_3.x86_64.rpm
File outdated by: RHSA-2013:0272
thunderbird-debuginfo-10.0.7-1.el6_3.x86_64.rpm
File outdated by: RHSA-2013:0272
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
thunderbird-10.0.7-1.el6_3.src.rpm
File outdated by: RHSA-2014:0316

IA-32:
thunderbird-10.0.7-1.el6_3.i686.rpm
File outdated by: RHSA-2014:0316
thunderbird-debuginfo-10.0.7-1.el6_3.i686.rpm
File outdated by: RHSA-2014:0316

x86_64:
thunderbird-10.0.7-1.el6_3.x86_64.rpm
File outdated by: RHSA-2014:0316
thunderbird-debuginfo-10.0.7-1.el6_3.x86_64.rpm
File outdated by: RHSA-2014:0316
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

851909 - CVE-2012-1970 Mozilla: Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7) (MFSA 2012-57)
851910 - Mozilla: Multiple use-after-free issues found using Address Sanitizer (MFSA 2012-58)
851918 - CVE-2012-3966 Mozilla: Memory corruption with bitmap format images with negative height (MFSA 2012-61)
851920 - CVE-2012-3967 CVE-2012-3968 Mozilla: WebGL use-after-free and memory corruption (MFSA 2012-62)
851922 - CVE-2012-3969 CVE-2012-3970 Mozilla: SVG buffer overflow and use-after-free issues (MFSA 2012-63)
851924 - CVE-2012-3972 Mozilla: Out-of-bounds read in format-number in XSLT (MFSA 2012-65)
851937 - CVE-2012-3978 Mozilla: Location object security checks bypassed by chrome code (MFSA 2012-70)
851939 - CVE-2012-3980 Mozilla: Web console eval capable of executing chrome-privileged code (MFSA 2012-72)


References

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/