Important: thunderbird security update
| Advisory: | RHSA-2013:0627-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Important |
| Issued on: | 2013-03-11 |
| Last updated on: | 2013-03-11 |
| Affected Products: | RHEL Optional Productivity Applications (v. 5 server) RHEL Optional Productivity Applications EUS (v. 5.9.z server) Red Hat Enterprise Linux Desktop (v. 5 client) Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Server AUS (v. 6.4) Red Hat Enterprise Linux Server EUS (v. 6.4.z) Red Hat Enterprise Linux Workstation (v. 6) |
| CVEs (cve.mitre.org): |
CVE-2013-0787 |
Details
An updated thunderbird package that fixes one security issue is now
available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Mozilla Thunderbird is a standalone mail and newsgroup client.
A flaw was found in the processing of malformed content. Malicious content
could cause Thunderbird to crash or execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2013-0787)
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges VUPEN Security via the TippingPoint Zero Day
Initiative project as the original reporter.
Note: This issue cannot be exploited by a specially-crafted HTML mail
message as JavaScript is disabled by default for mail messages. It could
be exploited another way in Thunderbird, for example, when viewing the full
remote content of an RSS feed.
All Thunderbird users should upgrade to this updated package, which
corrects this issue. After installing the update, Thunderbird must be
restarted for the changes to take effect.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
Updated packages
| RHEL Optional Productivity Applications (v. 5 server) | |
| SRPMS: | |
| thunderbird-17.0.3-2.el5_9.src.rpm File outdated by: RHSA-2013:0821 |
MD5: 940d0eaf11ec10cff3e49b628df4b40c SHA-256: 65fb7861c96e54fe148dea29c7407f904d3f0e21b7465eb9180cbd2dbbf49450 |
| IA-32: | |
| thunderbird-17.0.3-2.el5_9.i386.rpm File outdated by: RHSA-2013:0821 |
MD5: 8505e28ad43b97a0d3607a7c701968cd SHA-256: a77e55f8d3cc2ea8fbbf23db309c93326dba51ba003115517cb3942abbfe2103 |
| thunderbird-debuginfo-17.0.3-2.el5_9.i386.rpm File outdated by: RHSA-2013:0821 |
MD5: 6a0e542515294b9c9cc9a5c7a5356f33 SHA-256: 9cb49dc2d155c215ac7b9b2a3f54ffe66faffbea1bd040788bce71a23f7a094a |
| x86_64: | |
| thunderbird-17.0.3-2.el5_9.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: 0df40ba9cc996e0e487abde1644df91d SHA-256: 19b552718fe453ff395f796fac12081089a3121662c7ab308bf0ca97c88428bb |
| thunderbird-debuginfo-17.0.3-2.el5_9.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: 2ee84737dd28067880cd99b6a58aafd0 SHA-256: 001133667615be16247a59e328d8b162a86bfdfa0c9af3803299b5f07a092474 |
| RHEL Optional Productivity Applications EUS (v. 5.9.z server) | |
| SRPMS: | |
| thunderbird-17.0.3-2.el5_9.src.rpm File outdated by: RHSA-2013:0821 |
MD5: 940d0eaf11ec10cff3e49b628df4b40c SHA-256: 65fb7861c96e54fe148dea29c7407f904d3f0e21b7465eb9180cbd2dbbf49450 |
| IA-32: | |
| thunderbird-17.0.3-2.el5_9.i386.rpm File outdated by: RHSA-2013:0821 |
MD5: 8505e28ad43b97a0d3607a7c701968cd SHA-256: a77e55f8d3cc2ea8fbbf23db309c93326dba51ba003115517cb3942abbfe2103 |
| thunderbird-debuginfo-17.0.3-2.el5_9.i386.rpm File outdated by: RHSA-2013:0821 |
MD5: 6a0e542515294b9c9cc9a5c7a5356f33 SHA-256: 9cb49dc2d155c215ac7b9b2a3f54ffe66faffbea1bd040788bce71a23f7a094a |
| x86_64: | |
| thunderbird-17.0.3-2.el5_9.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: 0df40ba9cc996e0e487abde1644df91d SHA-256: 19b552718fe453ff395f796fac12081089a3121662c7ab308bf0ca97c88428bb |
| thunderbird-debuginfo-17.0.3-2.el5_9.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: 2ee84737dd28067880cd99b6a58aafd0 SHA-256: 001133667615be16247a59e328d8b162a86bfdfa0c9af3803299b5f07a092474 |
| Red Hat Enterprise Linux Desktop (v. 5 client) | |
| SRPMS: | |
| thunderbird-17.0.3-2.el5_9.src.rpm File outdated by: RHSA-2013:0821 |
MD5: 940d0eaf11ec10cff3e49b628df4b40c SHA-256: 65fb7861c96e54fe148dea29c7407f904d3f0e21b7465eb9180cbd2dbbf49450 |
| IA-32: | |
| thunderbird-17.0.3-2.el5_9.i386.rpm File outdated by: RHSA-2013:0821 |
MD5: 8505e28ad43b97a0d3607a7c701968cd SHA-256: a77e55f8d3cc2ea8fbbf23db309c93326dba51ba003115517cb3942abbfe2103 |
| thunderbird-debuginfo-17.0.3-2.el5_9.i386.rpm File outdated by: RHSA-2013:0821 |
MD5: 6a0e542515294b9c9cc9a5c7a5356f33 SHA-256: 9cb49dc2d155c215ac7b9b2a3f54ffe66faffbea1bd040788bce71a23f7a094a |
| x86_64: | |
| thunderbird-17.0.3-2.el5_9.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: 0df40ba9cc996e0e487abde1644df91d SHA-256: 19b552718fe453ff395f796fac12081089a3121662c7ab308bf0ca97c88428bb |
| thunderbird-debuginfo-17.0.3-2.el5_9.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: 2ee84737dd28067880cd99b6a58aafd0 SHA-256: 001133667615be16247a59e328d8b162a86bfdfa0c9af3803299b5f07a092474 |
| Red Hat Enterprise Linux Desktop (v. 6) | |
| SRPMS: | |
| thunderbird-17.0.3-2.el6_4.src.rpm File outdated by: RHSA-2013:0821 |
MD5: ae32976d1da9d1e5909aee65c9e88ed6 SHA-256: 3c175fa1b0ceee9cff423ca4c2a4494ddd0d55c6f8617059928e39ab05dffe7a |
| IA-32: | |
| thunderbird-17.0.3-2.el6_4.i686.rpm File outdated by: RHSA-2013:0821 |
MD5: de558a568a89ac722d777c422dd63423 SHA-256: 7181e83072c70a53b55e92314074e8819409055b62c83a8cc353f914560b50b1 |
| thunderbird-debuginfo-17.0.3-2.el6_4.i686.rpm File outdated by: RHSA-2013:0821 |
MD5: cbac35e12044804643a3558c909f200a SHA-256: f2df56b007f77221f23a0d313de7843ff8f2659ed7baa372abbe5cfbf41dfffa |
| x86_64: | |
| thunderbird-17.0.3-2.el6_4.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: 5c265fcff3b7bcf168f3e8062fa973b5 SHA-256: 985eb88c0f6765dd1c0fad6ba5306ad70cfda146549da12a60bdda6025193425 |
| thunderbird-debuginfo-17.0.3-2.el6_4.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: d6b21fe73627ec40000af5f9099b0a47 SHA-256: 6a8d09d620054d8ec6f9510fe4e093af76bebef0a63fc9d4aa6eeb4465691673 |
| Red Hat Enterprise Linux Server (v. 6) | |
| SRPMS: | |
| thunderbird-17.0.3-2.el6_4.src.rpm File outdated by: RHSA-2013:0821 |
MD5: ae32976d1da9d1e5909aee65c9e88ed6 SHA-256: 3c175fa1b0ceee9cff423ca4c2a4494ddd0d55c6f8617059928e39ab05dffe7a |
| IA-32: | |
| thunderbird-17.0.3-2.el6_4.i686.rpm File outdated by: RHSA-2013:0821 |
MD5: de558a568a89ac722d777c422dd63423 SHA-256: 7181e83072c70a53b55e92314074e8819409055b62c83a8cc353f914560b50b1 |
| thunderbird-debuginfo-17.0.3-2.el6_4.i686.rpm File outdated by: RHSA-2013:0821 |
MD5: cbac35e12044804643a3558c909f200a SHA-256: f2df56b007f77221f23a0d313de7843ff8f2659ed7baa372abbe5cfbf41dfffa |
| PPC: | |
| thunderbird-17.0.3-2.el6_4.ppc64.rpm File outdated by: RHSA-2013:0821 |
MD5: 05329311c9c4f0557c2ceabd133a86a1 SHA-256: 3527b6d0da2b9224dbec0a30b0834e72bf70efd4be008502e3a367d415ba3334 |
| thunderbird-debuginfo-17.0.3-2.el6_4.ppc64.rpm File outdated by: RHSA-2013:0821 |
MD5: 6aaacc3c8bfe3f230947ec4495e8bc5f SHA-256: edeb476b03b80b5850d3989b5cb7f397672052a718fbbf0be8512158f076ed25 |
| s390x: | |
| thunderbird-17.0.3-2.el6_4.s390x.rpm File outdated by: RHSA-2013:0821 |
MD5: 1f360b10591d2cc2121f48ce23862c2d SHA-256: 051fc471be72c5677cd4570f46b5eea3a809beb52908de1f52bfbbf8aeafe06f |
| thunderbird-debuginfo-17.0.3-2.el6_4.s390x.rpm File outdated by: RHSA-2013:0821 |
MD5: 960effef17bcc14b5948e203680a1270 SHA-256: 0bf8cafb685199edf961a6aa859a89a2ec0ffa0fdad401c3650f09ed263e743e |
| x86_64: | |
| thunderbird-17.0.3-2.el6_4.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: 5c265fcff3b7bcf168f3e8062fa973b5 SHA-256: 985eb88c0f6765dd1c0fad6ba5306ad70cfda146549da12a60bdda6025193425 |
| thunderbird-debuginfo-17.0.3-2.el6_4.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: d6b21fe73627ec40000af5f9099b0a47 SHA-256: 6a8d09d620054d8ec6f9510fe4e093af76bebef0a63fc9d4aa6eeb4465691673 |
| Red Hat Enterprise Linux Server AUS (v. 6.4) | |
| SRPMS: | |
| thunderbird-17.0.3-2.el6_4.src.rpm File outdated by: RHSA-2013:0821 |
MD5: ae32976d1da9d1e5909aee65c9e88ed6 SHA-256: 3c175fa1b0ceee9cff423ca4c2a4494ddd0d55c6f8617059928e39ab05dffe7a |
| IA-32: | |
| thunderbird-17.0.3-2.el6_4.i686.rpm File outdated by: RHSA-2013:0821 |
MD5: de558a568a89ac722d777c422dd63423 SHA-256: 7181e83072c70a53b55e92314074e8819409055b62c83a8cc353f914560b50b1 |
| thunderbird-debuginfo-17.0.3-2.el6_4.i686.rpm File outdated by: RHSA-2013:0821 |
MD5: cbac35e12044804643a3558c909f200a SHA-256: f2df56b007f77221f23a0d313de7843ff8f2659ed7baa372abbe5cfbf41dfffa |
| x86_64: | |
| thunderbird-17.0.3-2.el6_4.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: 5c265fcff3b7bcf168f3e8062fa973b5 SHA-256: 985eb88c0f6765dd1c0fad6ba5306ad70cfda146549da12a60bdda6025193425 |
| thunderbird-debuginfo-17.0.3-2.el6_4.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: d6b21fe73627ec40000af5f9099b0a47 SHA-256: 6a8d09d620054d8ec6f9510fe4e093af76bebef0a63fc9d4aa6eeb4465691673 |
| Red Hat Enterprise Linux Server EUS (v. 6.4.z) | |
| SRPMS: | |
| thunderbird-17.0.3-2.el6_4.src.rpm File outdated by: RHSA-2013:0821 |
MD5: ae32976d1da9d1e5909aee65c9e88ed6 SHA-256: 3c175fa1b0ceee9cff423ca4c2a4494ddd0d55c6f8617059928e39ab05dffe7a |
| IA-32: | |
| thunderbird-17.0.3-2.el6_4.i686.rpm File outdated by: RHSA-2013:0821 |
MD5: de558a568a89ac722d777c422dd63423 SHA-256: 7181e83072c70a53b55e92314074e8819409055b62c83a8cc353f914560b50b1 |
| thunderbird-debuginfo-17.0.3-2.el6_4.i686.rpm File outdated by: RHSA-2013:0821 |
MD5: cbac35e12044804643a3558c909f200a SHA-256: f2df56b007f77221f23a0d313de7843ff8f2659ed7baa372abbe5cfbf41dfffa |
| PPC: | |
| thunderbird-17.0.3-2.el6_4.ppc64.rpm File outdated by: RHSA-2013:0821 |
MD5: 05329311c9c4f0557c2ceabd133a86a1 SHA-256: 3527b6d0da2b9224dbec0a30b0834e72bf70efd4be008502e3a367d415ba3334 |
| thunderbird-debuginfo-17.0.3-2.el6_4.ppc64.rpm File outdated by: RHSA-2013:0821 |
MD5: 6aaacc3c8bfe3f230947ec4495e8bc5f SHA-256: edeb476b03b80b5850d3989b5cb7f397672052a718fbbf0be8512158f076ed25 |
| s390x: | |
| thunderbird-17.0.3-2.el6_4.s390x.rpm File outdated by: RHSA-2013:0821 |
MD5: 1f360b10591d2cc2121f48ce23862c2d SHA-256: 051fc471be72c5677cd4570f46b5eea3a809beb52908de1f52bfbbf8aeafe06f |
| thunderbird-debuginfo-17.0.3-2.el6_4.s390x.rpm File outdated by: RHSA-2013:0821 |
MD5: 960effef17bcc14b5948e203680a1270 SHA-256: 0bf8cafb685199edf961a6aa859a89a2ec0ffa0fdad401c3650f09ed263e743e |
| x86_64: | |
| thunderbird-17.0.3-2.el6_4.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: 5c265fcff3b7bcf168f3e8062fa973b5 SHA-256: 985eb88c0f6765dd1c0fad6ba5306ad70cfda146549da12a60bdda6025193425 |
| thunderbird-debuginfo-17.0.3-2.el6_4.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: d6b21fe73627ec40000af5f9099b0a47 SHA-256: 6a8d09d620054d8ec6f9510fe4e093af76bebef0a63fc9d4aa6eeb4465691673 |
| Red Hat Enterprise Linux Workstation (v. 6) | |
| SRPMS: | |
| thunderbird-17.0.3-2.el6_4.src.rpm File outdated by: RHSA-2013:0821 |
MD5: ae32976d1da9d1e5909aee65c9e88ed6 SHA-256: 3c175fa1b0ceee9cff423ca4c2a4494ddd0d55c6f8617059928e39ab05dffe7a |
| IA-32: | |
| thunderbird-17.0.3-2.el6_4.i686.rpm File outdated by: RHSA-2013:0821 |
MD5: de558a568a89ac722d777c422dd63423 SHA-256: 7181e83072c70a53b55e92314074e8819409055b62c83a8cc353f914560b50b1 |
| thunderbird-debuginfo-17.0.3-2.el6_4.i686.rpm File outdated by: RHSA-2013:0821 |
MD5: cbac35e12044804643a3558c909f200a SHA-256: f2df56b007f77221f23a0d313de7843ff8f2659ed7baa372abbe5cfbf41dfffa |
| x86_64: | |
| thunderbird-17.0.3-2.el6_4.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: 5c265fcff3b7bcf168f3e8062fa973b5 SHA-256: 985eb88c0f6765dd1c0fad6ba5306ad70cfda146549da12a60bdda6025193425 |
| thunderbird-debuginfo-17.0.3-2.el6_4.x86_64.rpm File outdated by: RHSA-2013:0821 |
MD5: d6b21fe73627ec40000af5f9099b0a47 SHA-256: 6a8d09d620054d8ec6f9510fe4e093af76bebef0a63fc9d4aa6eeb4465691673 |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
918876 - CVE-2013-0787 Mozilla: Use-after-free in HTML Editor (MFSA 2013-29)
References
https://www.redhat.com/security/data/cve/CVE-2013-0787.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/updates/classification/#important
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
