Critical: thunderbird security update
| Advisory: | RHSA-2012:1362-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Critical |
| Issued on: | 2012-10-12 |
| Last updated on: | 2012-10-12 |
| Affected Products: | RHEL Optional Productivity Applications (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Server EUS (v. 6.3.z) Red Hat Enterprise Linux Workstation (v. 6) |
| CVEs (cve.mitre.org): |
CVE-2012-4193 |
Details
An updated thunderbird package that fixes one security issue is now
available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Mozilla Thunderbird is a standalone mail and newsgroup client.
A flaw was found in the way Thunderbird handled security wrappers.
Malicious content could cause Thunderbird to execute arbitrary code with
the privileges of the user running Thunderbird. (CVE-2012-4193)
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges moz_bug_r_a4 as the original reporter.
Note: This issue cannot be exploited by a specially-crafted HTML mail
message as JavaScript is disabled by default for mail messages. It could be
exploited another way in Thunderbird, for example, when viewing the full
remote content of an RSS feed.
All Thunderbird users should upgrade to this updated package, which
corrects this issue. After installing the update, Thunderbird must be
restarted for the changes to take effect.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
Updated packages
| RHEL Optional Productivity Applications (v. 5 server) | |
| SRPMS: | |
| thunderbird-10.0.8-2.el5_8.src.rpm File outdated by: RHSA-2013:0821 |
MD5: c30cc2ef011ed23a4c70039a8c7e8df3 SHA-256: 3a0843576b82c4f073e5f765edc39dde3b35e0ec010b1be7314dec7db821138f |
| IA-32: | |
| thunderbird-10.0.8-2.el5_8.i386.rpm File outdated by: RHSA-2013:0821 |
MD5: 7fde054641e4a8f0ca935cdb6dfe11bc SHA-256: 26bc4e74c29a9a4f31ab0a2f0e2cfeb94c6e089ad5eeccf7ae2566429f0aee11 |
| thunderbird-debuginfo-10.0.8-2.el5_8.i386.rpm File outdated by: RHSA-2013:0821 |
MD5: bfb130e35136880be013890a53c8ac45 SHA-256: db4f6e5ff708e2c63089db8b0749ee813ce98ff3f28f604cc8e502bf802b7189 |
| x86_64: | |
| thunderbird-10.0.8-2.el5_8.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: f325d93efe4179c2592200675e0f3d76 SHA-256: d27bc2025cb3b113774914c2f611ca70fc9be6dcb17bf7e480c8fff45cdb13d4 |
| thunderbird-debuginfo-10.0.8-2.el5_8.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: f175f7e1c62d45afb709cafaafb1b6c7 SHA-256: 59d5e846e3f85147669232a8511663effabfec9047c2e4a83b8263826bcd7c41 |
| Red Hat Enterprise Linux Desktop (v. 5 client) | |
| SRPMS: | |
| thunderbird-10.0.8-2.el5_8.src.rpm File outdated by: RHSA-2013:0821 |
MD5: c30cc2ef011ed23a4c70039a8c7e8df3 SHA-256: 3a0843576b82c4f073e5f765edc39dde3b35e0ec010b1be7314dec7db821138f |
| IA-32: | |
| thunderbird-10.0.8-2.el5_8.i386.rpm File outdated by: RHSA-2013:0821 |
MD5: 7fde054641e4a8f0ca935cdb6dfe11bc SHA-256: 26bc4e74c29a9a4f31ab0a2f0e2cfeb94c6e089ad5eeccf7ae2566429f0aee11 |
| thunderbird-debuginfo-10.0.8-2.el5_8.i386.rpm File outdated by: RHSA-2013:0821 |
MD5: bfb130e35136880be013890a53c8ac45 SHA-256: db4f6e5ff708e2c63089db8b0749ee813ce98ff3f28f604cc8e502bf802b7189 |
| x86_64: | |
| thunderbird-10.0.8-2.el5_8.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: f325d93efe4179c2592200675e0f3d76 SHA-256: d27bc2025cb3b113774914c2f611ca70fc9be6dcb17bf7e480c8fff45cdb13d4 |
| thunderbird-debuginfo-10.0.8-2.el5_8.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: f175f7e1c62d45afb709cafaafb1b6c7 SHA-256: 59d5e846e3f85147669232a8511663effabfec9047c2e4a83b8263826bcd7c41 |
| Red Hat Enterprise Linux Desktop (v. 6) | |
| SRPMS: | |
| thunderbird-10.0.8-2.el6_3.src.rpm File outdated by: RHSA-2013:0821 |
MD5: ed3f880be4e5be41d773336158aff81a SHA-256: b9d610d87cc7a49b38d31f461c7ff6878d01e76763fd2c2321c7fcba346b6060 |
| IA-32: | |
| thunderbird-10.0.8-2.el6_3.i686.rpm File outdated by: RHSA-2013:0821 |
MD5: 2a43a598528c0b84b394dd5388c9a1bf SHA-256: d1d3bf67e2d5ca46cd38922e1a8ec836fa26d3aef5f88ef2d9aa0dbffab1eb48 |
| thunderbird-debuginfo-10.0.8-2.el6_3.i686.rpm File outdated by: RHSA-2013:0821 |
MD5: 88a786d1cd56bfe9477eefc053968bcc SHA-256: 6aa8aea109d4c7f59c331e1ef9a14240dcec9367978fcd6df1995bec35e68da9 |
| x86_64: | |
| thunderbird-10.0.8-2.el6_3.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: f36070f105e14e333107f3475e3f05e2 SHA-256: c68d7a924ba37835a9d4ee747983c2efdcff566fdec3e71acb67ba254eb9ce2c |
| thunderbird-debuginfo-10.0.8-2.el6_3.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: 3d10dc001bf0c17e6e485a7c97f1404f SHA-256: 5b89335592927cdee2486b5bc8fb060b3a88fee8dbc78cf43d4fd68edefc5e9d |
| Red Hat Enterprise Linux Server (v. 6) | |
| SRPMS: | |
| thunderbird-10.0.8-2.el6_3.src.rpm File outdated by: RHSA-2013:0821 |
MD5: ed3f880be4e5be41d773336158aff81a SHA-256: b9d610d87cc7a49b38d31f461c7ff6878d01e76763fd2c2321c7fcba346b6060 |
| IA-32: | |
| thunderbird-10.0.8-2.el6_3.i686.rpm File outdated by: RHSA-2013:0821 |
MD5: 2a43a598528c0b84b394dd5388c9a1bf SHA-256: d1d3bf67e2d5ca46cd38922e1a8ec836fa26d3aef5f88ef2d9aa0dbffab1eb48 |
| thunderbird-debuginfo-10.0.8-2.el6_3.i686.rpm File outdated by: RHSA-2013:0821 |
MD5: 88a786d1cd56bfe9477eefc053968bcc SHA-256: 6aa8aea109d4c7f59c331e1ef9a14240dcec9367978fcd6df1995bec35e68da9 |
| PPC: | |
| thunderbird-10.0.8-2.el6_3.ppc64.rpm File outdated by: RHSA-2013:0821 |
MD5: 02b30d147b0fa9f2b256efdd1b475249 SHA-256: e5aaff8eb078b501a46d026f0ccfd890cbca11800dc5af491ecd6ca55213f804 |
| thunderbird-debuginfo-10.0.8-2.el6_3.ppc64.rpm File outdated by: RHSA-2013:0821 |
MD5: 8f9313f4358a220ba754a32122cd5861 SHA-256: 785569d9aa8f54fc9a7e07a98243da965795325437b712652fef7477128aede8 |
| s390x: | |
| thunderbird-10.0.8-2.el6_3.s390x.rpm File outdated by: RHSA-2013:0821 |
MD5: 9f0dff14615c1473ff9b074eff5f66cb SHA-256: ebe041559bf9b071f6e3a1b4c2df4113dbf997ce3735314b67ac0aa651c24a64 |
| thunderbird-debuginfo-10.0.8-2.el6_3.s390x.rpm File outdated by: RHSA-2013:0821 |
MD5: ecef73ce86e84b700878be3311268f57 SHA-256: 5821de2af5fd67e6fefdc7d0f7746919ea5372bad7c5de230c9f560e282ad3c0 |
| x86_64: | |
| thunderbird-10.0.8-2.el6_3.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: f36070f105e14e333107f3475e3f05e2 SHA-256: c68d7a924ba37835a9d4ee747983c2efdcff566fdec3e71acb67ba254eb9ce2c |
| thunderbird-debuginfo-10.0.8-2.el6_3.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: 3d10dc001bf0c17e6e485a7c97f1404f SHA-256: 5b89335592927cdee2486b5bc8fb060b3a88fee8dbc78cf43d4fd68edefc5e9d |
| Red Hat Enterprise Linux Server EUS (v. 6.3.z) | |
| SRPMS: | |
| thunderbird-10.0.8-2.el6_3.src.rpm File outdated by: RHSA-2013:0821 |
MD5: ed3f880be4e5be41d773336158aff81a SHA-256: b9d610d87cc7a49b38d31f461c7ff6878d01e76763fd2c2321c7fcba346b6060 |
| IA-32: | |
| thunderbird-10.0.8-2.el6_3.i686.rpm File outdated by: RHSA-2013:0272 |
MD5: 2a43a598528c0b84b394dd5388c9a1bf SHA-256: d1d3bf67e2d5ca46cd38922e1a8ec836fa26d3aef5f88ef2d9aa0dbffab1eb48 |
| thunderbird-debuginfo-10.0.8-2.el6_3.i686.rpm File outdated by: RHSA-2013:0272 |
MD5: 88a786d1cd56bfe9477eefc053968bcc SHA-256: 6aa8aea109d4c7f59c331e1ef9a14240dcec9367978fcd6df1995bec35e68da9 |
| PPC: | |
| thunderbird-10.0.8-2.el6_3.ppc64.rpm File outdated by: RHSA-2013:0272 |
MD5: 02b30d147b0fa9f2b256efdd1b475249 SHA-256: e5aaff8eb078b501a46d026f0ccfd890cbca11800dc5af491ecd6ca55213f804 |
| thunderbird-debuginfo-10.0.8-2.el6_3.ppc64.rpm File outdated by: RHSA-2013:0272 |
MD5: 8f9313f4358a220ba754a32122cd5861 SHA-256: 785569d9aa8f54fc9a7e07a98243da965795325437b712652fef7477128aede8 |
| s390x: | |
| thunderbird-10.0.8-2.el6_3.s390x.rpm File outdated by: RHSA-2013:0272 |
MD5: 9f0dff14615c1473ff9b074eff5f66cb SHA-256: ebe041559bf9b071f6e3a1b4c2df4113dbf997ce3735314b67ac0aa651c24a64 |
| thunderbird-debuginfo-10.0.8-2.el6_3.s390x.rpm File outdated by: RHSA-2013:0272 |
MD5: ecef73ce86e84b700878be3311268f57 SHA-256: 5821de2af5fd67e6fefdc7d0f7746919ea5372bad7c5de230c9f560e282ad3c0 |
| x86_64: | |
| thunderbird-10.0.8-2.el6_3.x86_64.rpm File outdated by: RHSA-2013:0272 |
MD5: f36070f105e14e333107f3475e3f05e2 SHA-256: c68d7a924ba37835a9d4ee747983c2efdcff566fdec3e71acb67ba254eb9ce2c |
| thunderbird-debuginfo-10.0.8-2.el6_3.x86_64.rpm File outdated by: RHSA-2013:0272 |
MD5: 3d10dc001bf0c17e6e485a7c97f1404f SHA-256: 5b89335592927cdee2486b5bc8fb060b3a88fee8dbc78cf43d4fd68edefc5e9d |
| Red Hat Enterprise Linux Workstation (v. 6) | |
| SRPMS: | |
| thunderbird-10.0.8-2.el6_3.src.rpm File outdated by: RHSA-2013:0821 |
MD5: ed3f880be4e5be41d773336158aff81a SHA-256: b9d610d87cc7a49b38d31f461c7ff6878d01e76763fd2c2321c7fcba346b6060 |
| IA-32: | |
| thunderbird-10.0.8-2.el6_3.i686.rpm File outdated by: RHSA-2013:0821 |
MD5: 2a43a598528c0b84b394dd5388c9a1bf SHA-256: d1d3bf67e2d5ca46cd38922e1a8ec836fa26d3aef5f88ef2d9aa0dbffab1eb48 |
| thunderbird-debuginfo-10.0.8-2.el6_3.i686.rpm File outdated by: RHSA-2013:0821 |
MD5: 88a786d1cd56bfe9477eefc053968bcc SHA-256: 6aa8aea109d4c7f59c331e1ef9a14240dcec9367978fcd6df1995bec35e68da9 |
| x86_64: | |
| thunderbird-10.0.8-2.el6_3.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: f36070f105e14e333107f3475e3f05e2 SHA-256: c68d7a924ba37835a9d4ee747983c2efdcff566fdec3e71acb67ba254eb9ce2c |
| thunderbird-debuginfo-10.0.8-2.el6_3.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: 3d10dc001bf0c17e6e485a7c97f1404f SHA-256: 5b89335592927cdee2486b5bc8fb060b3a88fee8dbc78cf43d4fd68edefc5e9d |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
865215 - CVE-2012-4193 Mozilla: defaultValue security checks not applied (MFSA 2012-89)
References
https://www.redhat.com/security/data/cve/CVE-2012-4193.html
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/security/updates/classification/#critical
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
