Important: thunderbird security update
| Advisory: | RHSA-2012:1413-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Important |
| Issued on: | 2012-10-29 |
| Last updated on: | 2012-10-29 |
| Affected Products: | RHEL Optional Productivity Applications (v. 5 server); Red Hat Enterprise Linux Desktop (v. 5 client); Red Hat Enterprise Linux Desktop (v. 6); Red Hat Enterprise Linux Server (v. 6); Red Hat Enterprise Linux Server EUS (v. 6.3.z); Red Hat Enterprise Linux Workstation (v. 6) |
| CVEs (cve.mitre.org): | CVE-2012-4194, CVE-2012-4195, CVE-2012-4196 |
Details
An updated thunderbird package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Multiple flaws were found in the location object implementation in
Thunderbird. Malicious content could be used to perform cross-site
scripting attacks, bypass the same-origin policy, or cause Thunderbird to
execute arbitrary code. (CVE-2012-4194, CVE-2012-4195, CVE-2012-4196)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Mariusz Mlynski, moz_bug_r_a4, and Antoine
Delignat-Lavaud as the original reporters of these issues.

Note: None of the issues in this advisory can be exploited by a
specially-crafted HTML mail message as JavaScript is disabled by default
for mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.10 ESR, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.
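
To confirm which hosts still run a build older than the fixed packages listed in this advisory (10.0.10-1.el5_8 and 10.0.10-1.el6_3), the following added example, which is not Red Hat's code, compares installed builds using a simplified form of RPM's version ordering. It assumes each input string comes from `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' thunderbird`, ignores epochs, and uses a constructed host inventory.

```python
import re

# Fixed builds named in this advisory, keyed by RHEL major version.
FIXED = {"5": ("10.0.10", "1.el5_8"), "6": ("10.0.10", "1.el6_3")}

def _segments(s):
    # RPM compares maximal runs of digits or letters; anything else separates.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling). Returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd != yd:
            return 1 if xd else -1      # a numeric segment beats an alphabetic one
        if xd:
            x, y = int(x), int(y)       # 9 < 10, unlike a plain string compare
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def needs_update(nvr):
    """True if an installed name-version-release predates the fixed build."""
    name, version, release = nvr.rsplit("-", 2)
    m = re.search(r"\.el(\d+)", release)
    if name != "thunderbird" or not m or m.group(1) not in FIXED:
        raise ValueError("not a RHEL 5/6 thunderbird build: %r" % nvr)
    fixed_version, fixed_release = FIXED[m.group(1)]
    cmp = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return cmp < 0

# Constructed inventory (hypothetical host names and installed builds).
INVENTORY = {
    "mail-ws1": "thunderbird-10.0.9-1.el6_3",
    "mail-ws2": "thunderbird-10.0.10-1.el6_3",
    "mail-ws3": "thunderbird-10.0.8-1.el5_8",
    "mail-ws4": "thunderbird-10.0.10-1.el5_8",
}

def unpatched_hosts(inventory):
    """Hosts whose installed thunderbird is older than the advisory's fix."""
    return sorted(h for h, nvr in inventory.items() if needs_update(nvr))

if __name__ == "__main__":
    for host in unpatched_hosts(INVENTORY):
        print(host, INVENTORY[host], "-> update and restart Thunderbird")
```

A lexical comparison would rank 10.0.9 above 10.0.10 and report mail-ws1 as patched, which is why the segments are compared numerically.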
Solution
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
Updated packages
| Product | Architecture | Package | File outdated by |
|---|---|---|---|
| RHEL Optional Productivity Applications (v. 5 server) | SRPMS | thunderbird-10.0.10-1.el5_8.src.rpm | RHSA-2013:0821 |
| RHEL Optional Productivity Applications (v. 5 server) | IA-32 | thunderbird-10.0.10-1.el5_8.i386.rpm | RHSA-2013:0821 |
| RHEL Optional Productivity Applications (v. 5 server) | IA-32 | thunderbird-debuginfo-10.0.10-1.el5_8.i386.rpm | RHSA-2013:0821 |
| RHEL Optional Productivity Applications (v. 5 server) | x86_64 | thunderbird-10.0.10-1.el5_8.x86_64.rpm | RHSA-2013:0821 |
| RHEL Optional Productivity Applications (v. 5 server) | x86_64 | thunderbird-debuginfo-10.0.10-1.el5_8.x86_64.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Desktop (v. 5 client) | SRPMS | thunderbird-10.0.10-1.el5_8.src.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Desktop (v. 5 client) | IA-32 | thunderbird-10.0.10-1.el5_8.i386.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Desktop (v. 5 client) | IA-32 | thunderbird-debuginfo-10.0.10-1.el5_8.i386.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Desktop (v. 5 client) | x86_64 | thunderbird-10.0.10-1.el5_8.x86_64.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Desktop (v. 5 client) | x86_64 | thunderbird-debuginfo-10.0.10-1.el5_8.x86_64.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Desktop (v. 6) | SRPMS | thunderbird-10.0.10-1.el6_3.src.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Desktop (v. 6) | IA-32 | thunderbird-10.0.10-1.el6_3.i686.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Desktop (v. 6) | IA-32 | thunderbird-debuginfo-10.0.10-1.el6_3.i686.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Desktop (v. 6) | x86_64 | thunderbird-10.0.10-1.el6_3.x86_64.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Desktop (v. 6) | x86_64 | thunderbird-debuginfo-10.0.10-1.el6_3.x86_64.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Server (v. 6) | SRPMS | thunderbird-10.0.10-1.el6_3.src.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Server (v. 6) | IA-32 | thunderbird-10.0.10-1.el6_3.i686.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Server (v. 6) | IA-32 | thunderbird-debuginfo-10.0.10-1.el6_3.i686.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Server (v. 6) | PPC | thunderbird-10.0.10-1.el6_3.ppc64.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Server (v. 6) | PPC | thunderbird-debuginfo-10.0.10-1.el6_3.ppc64.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Server (v. 6) | s390x | thunderbird-10.0.10-1.el6_3.s390x.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Server (v. 6) | s390x | thunderbird-debuginfo-10.0.10-1.el6_3.s390x.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Server (v. 6) | x86_64 | thunderbird-10.0.10-1.el6_3.x86_64.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Server (v. 6) | x86_64 | thunderbird-debuginfo-10.0.10-1.el6_3.x86_64.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Server EUS (v. 6.3.z) | SRPMS | thunderbird-10.0.10-1.el6_3.src.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Server EUS (v. 6.3.z) | IA-32 | thunderbird-10.0.10-1.el6_3.i686.rpm | RHSA-2013:0272 |
| Red Hat Enterprise Linux Server EUS (v. 6.3.z) | IA-32 | thunderbird-debuginfo-10.0.10-1.el6_3.i686.rpm | RHSA-2013:0272 |
| Red Hat Enterprise Linux Server EUS (v. 6.3.z) | PPC | thunderbird-10.0.10-1.el6_3.ppc64.rpm | RHSA-2013:0272 |
| Red Hat Enterprise Linux Server EUS (v. 6.3.z) | PPC | thunderbird-debuginfo-10.0.10-1.el6_3.ppc64.rpm | RHSA-2013:0272 |
| Red Hat Enterprise Linux Server EUS (v. 6.3.z) | s390x | thunderbird-10.0.10-1.el6_3.s390x.rpm | RHSA-2013:0272 |
| Red Hat Enterprise Linux Server EUS (v. 6.3.z) | s390x | thunderbird-debuginfo-10.0.10-1.el6_3.s390x.rpm | RHSA-2013:0272 |
| Red Hat Enterprise Linux Server EUS (v. 6.3.z) | x86_64 | thunderbird-10.0.10-1.el6_3.x86_64.rpm | RHSA-2013:0272 |
| Red Hat Enterprise Linux Server EUS (v. 6.3.z) | x86_64 | thunderbird-debuginfo-10.0.10-1.el6_3.x86_64.rpm | RHSA-2013:0272 |
| Red Hat Enterprise Linux Workstation (v. 6) | SRPMS | thunderbird-10.0.10-1.el6_3.src.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Workstation (v. 6) | IA-32 | thunderbird-10.0.10-1.el6_3.i686.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Workstation (v. 6) | IA-32 | thunderbird-debuginfo-10.0.10-1.el6_3.i686.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Workstation (v. 6) | x86_64 | thunderbird-10.0.10-1.el6_3.x86_64.rpm | RHSA-2013:0821 |
| Red Hat Enterprise Linux Workstation (v. 6) | x86_64 | thunderbird-debuginfo-10.0.10-1.el6_3.x86_64.rpm | RHSA-2013:0821 |

(The unlinked packages above are only available from the Red Hat Network)
Bugs fixed (see bugzilla for more information)
869893 - CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 Mozilla: Fixes for Location object issues (MFSA 2012-90)
References
https://www.redhat.com/security/data/cve/CVE-2012-4195.html
https://www.redhat.com/security/data/cve/CVE-2012-4196.html
https://access.redhat.com/security/updates/classification/#important
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/