Skip to navigation

Security Advisory Moderate: thunderbird security update

Advisory: RHSA-2010:0812-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-10-28
Last updated on: 2010-10-28
Affected Products: RHEL Optional Productivity Applications (v. 5 server)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2010-3765

Details

An updated thunderbird package that fixes one security issue is now
available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

A race condition flaw was found in the way Thunderbird handled Document
Object Model (DOM) element properties. An HTML mail message containing
malicious content could cause Thunderbird to crash or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2010-3765)

Note: JavaScript support is disabled by default in Thunderbird. The
CVE-2010-3765 issue is not exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which
resolves this issue. All running instances of Thunderbird must be restarted
for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Optional Productivity Applications (v. 5 server)

SRPMS:
thunderbird-2.0.0.24-10.el5_5.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: ea2a16151de5a29ed08ca542aa4aeb54
SHA-256: 66abe679797817869da96ae9d40f2d907f9274f60e2fb06aae35f12c78efcc49
 
IA-32:
thunderbird-2.0.0.24-10.el5_5.i386.rpm
File outdated by:  RHSA-2014:0316
    MD5: f0f3369430bc25d81a6037fbd672585b
SHA-256: 4030173b157e7641cd72c0033b001a2548896428d4262969c0f8676e538ad63d
 
x86_64:
thunderbird-2.0.0.24-10.el5_5.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 2bb6ec39fd2d23d56fc6c851437e430f
SHA-256: 6ee16b3c498ae514aa9ef44fe8e6f1c283d04114c6d846092473bf7756c28f36
 
Red Hat Desktop (v. 4)

SRPMS:
thunderbird-1.5.0.12-33.el4.src.rpm
File outdated by:  RHSA-2012:0085
    MD5: c5ed6c6f5f4d414338e7b51ef7008e21
SHA-256: 410d0b8bec25a3a2be6c39e30bcbc86895a63ce2fa8a95b24e06b122a726f443
 
IA-32:
thunderbird-1.5.0.12-33.el4.i386.rpm
File outdated by:  RHSA-2012:0085
    MD5: 1741e9f2178c595c5bd85e4f37295327
SHA-256: b1f27ea710da35fde59a241a580244a229682010c73ba1fd50ea34cb86089c18
 
x86_64:
thunderbird-1.5.0.12-33.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
    MD5: 9882505ea635dab908badae83083fa70
SHA-256: 930f84c49114949053be97e1fa0ee75c400d05a63f30f5d73d5f25793b094b21
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
thunderbird-1.5.0.12-33.el4.src.rpm
File outdated by:  RHSA-2012:0085
    MD5: c5ed6c6f5f4d414338e7b51ef7008e21
SHA-256: 410d0b8bec25a3a2be6c39e30bcbc86895a63ce2fa8a95b24e06b122a726f443
 
IA-32:
thunderbird-1.5.0.12-33.el4.i386.rpm
File outdated by:  RHSA-2012:0085
    MD5: 1741e9f2178c595c5bd85e4f37295327
SHA-256: b1f27ea710da35fde59a241a580244a229682010c73ba1fd50ea34cb86089c18
 
IA-64:
thunderbird-1.5.0.12-33.el4.ia64.rpm
File outdated by:  RHSA-2012:0085
    MD5: 97e7ff15e93596c775642c4bc608fbf7
SHA-256: 709aaf464e4ecf4b310dd13eb8fe40e1c10ea4558060b1a41bcd4b1cab446091
 
PPC:
thunderbird-1.5.0.12-33.el4.ppc.rpm
File outdated by:  RHSA-2012:0085
    MD5: 34aacfe2ee42e987bd4f4a042eeec608
SHA-256: 7686a97c7de40619903dff717e377523c7a248d5eae7464d84bfc05ee6a4c9b5
 
s390:
thunderbird-1.5.0.12-33.el4.s390.rpm
File outdated by:  RHSA-2012:0085
    MD5: c1a278b2b3d47eb1d06d5e1bfcfa2e41
SHA-256: 27887875e33b0e67249e54ceeb4a5ee8b662cc92359631f1693358b21dc971b8
 
s390x:
thunderbird-1.5.0.12-33.el4.s390x.rpm
File outdated by:  RHSA-2012:0085
    MD5: bac85b3ccbc43ebedc79a249a3048b4c
SHA-256: 898ed08d51902589b73a10d3da499627f0d15f485ef928ec37721f9dee80845c
 
x86_64:
thunderbird-1.5.0.12-33.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
    MD5: 9882505ea635dab908badae83083fa70
SHA-256: 930f84c49114949053be97e1fa0ee75c400d05a63f30f5d73d5f25793b094b21
 
Red Hat Enterprise Linux AS (v. 4.8.z)

SRPMS:
thunderbird-1.5.0.12-33.el4.src.rpm
File outdated by:  RHSA-2012:0085
    MD5: c5ed6c6f5f4d414338e7b51ef7008e21
SHA-256: 410d0b8bec25a3a2be6c39e30bcbc86895a63ce2fa8a95b24e06b122a726f443
 
IA-32:
thunderbird-1.5.0.12-33.el4.i386.rpm
File outdated by:  RHSA-2011:0887
    MD5: 1741e9f2178c595c5bd85e4f37295327
SHA-256: b1f27ea710da35fde59a241a580244a229682010c73ba1fd50ea34cb86089c18
 
IA-64:
thunderbird-1.5.0.12-33.el4.ia64.rpm
File outdated by:  RHSA-2011:0887
    MD5: 97e7ff15e93596c775642c4bc608fbf7
SHA-256: 709aaf464e4ecf4b310dd13eb8fe40e1c10ea4558060b1a41bcd4b1cab446091
 
PPC:
thunderbird-1.5.0.12-33.el4.ppc.rpm
File outdated by:  RHSA-2011:0887
    MD5: 34aacfe2ee42e987bd4f4a042eeec608
SHA-256: 7686a97c7de40619903dff717e377523c7a248d5eae7464d84bfc05ee6a4c9b5
 
s390:
thunderbird-1.5.0.12-33.el4.s390.rpm
File outdated by:  RHSA-2011:0887
    MD5: c1a278b2b3d47eb1d06d5e1bfcfa2e41
SHA-256: 27887875e33b0e67249e54ceeb4a5ee8b662cc92359631f1693358b21dc971b8
 
s390x:
thunderbird-1.5.0.12-33.el4.s390x.rpm
File outdated by:  RHSA-2011:0887
    MD5: bac85b3ccbc43ebedc79a249a3048b4c
SHA-256: 898ed08d51902589b73a10d3da499627f0d15f485ef928ec37721f9dee80845c
 
x86_64:
thunderbird-1.5.0.12-33.el4.x86_64.rpm
File outdated by:  RHSA-2011:0887
    MD5: 9882505ea635dab908badae83083fa70
SHA-256: 930f84c49114949053be97e1fa0ee75c400d05a63f30f5d73d5f25793b094b21
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
thunderbird-2.0.0.24-10.el5_5.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: ea2a16151de5a29ed08ca542aa4aeb54
SHA-256: 66abe679797817869da96ae9d40f2d907f9274f60e2fb06aae35f12c78efcc49
 
IA-32:
thunderbird-2.0.0.24-10.el5_5.i386.rpm
File outdated by:  RHSA-2014:0316
    MD5: f0f3369430bc25d81a6037fbd672585b
SHA-256: 4030173b157e7641cd72c0033b001a2548896428d4262969c0f8676e538ad63d
 
x86_64:
thunderbird-2.0.0.24-10.el5_5.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 2bb6ec39fd2d23d56fc6c851437e430f
SHA-256: 6ee16b3c498ae514aa9ef44fe8e6f1c283d04114c6d846092473bf7756c28f36
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
thunderbird-1.5.0.12-33.el4.src.rpm
File outdated by:  RHSA-2012:0085
    MD5: c5ed6c6f5f4d414338e7b51ef7008e21
SHA-256: 410d0b8bec25a3a2be6c39e30bcbc86895a63ce2fa8a95b24e06b122a726f443
 
IA-32:
thunderbird-1.5.0.12-33.el4.i386.rpm
File outdated by:  RHSA-2012:0085
    MD5: 1741e9f2178c595c5bd85e4f37295327
SHA-256: b1f27ea710da35fde59a241a580244a229682010c73ba1fd50ea34cb86089c18
 
IA-64:
thunderbird-1.5.0.12-33.el4.ia64.rpm
File outdated by:  RHSA-2012:0085
    MD5: 97e7ff15e93596c775642c4bc608fbf7
SHA-256: 709aaf464e4ecf4b310dd13eb8fe40e1c10ea4558060b1a41bcd4b1cab446091
 
x86_64:
thunderbird-1.5.0.12-33.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
    MD5: 9882505ea635dab908badae83083fa70
SHA-256: 930f84c49114949053be97e1fa0ee75c400d05a63f30f5d73d5f25793b094b21
 
Red Hat Enterprise Linux ES (v. 4.8.z)

SRPMS:
thunderbird-1.5.0.12-33.el4.src.rpm
File outdated by:  RHSA-2012:0085
    MD5: c5ed6c6f5f4d414338e7b51ef7008e21
SHA-256: 410d0b8bec25a3a2be6c39e30bcbc86895a63ce2fa8a95b24e06b122a726f443
 
IA-32:
thunderbird-1.5.0.12-33.el4.i386.rpm
File outdated by:  RHSA-2011:0887
    MD5: 1741e9f2178c595c5bd85e4f37295327
SHA-256: b1f27ea710da35fde59a241a580244a229682010c73ba1fd50ea34cb86089c18
 
IA-64:
thunderbird-1.5.0.12-33.el4.ia64.rpm
File outdated by:  RHSA-2011:0887
    MD5: 97e7ff15e93596c775642c4bc608fbf7
SHA-256: 709aaf464e4ecf4b310dd13eb8fe40e1c10ea4558060b1a41bcd4b1cab446091
 
x86_64:
thunderbird-1.5.0.12-33.el4.x86_64.rpm
File outdated by:  RHSA-2011:0887
    MD5: 9882505ea635dab908badae83083fa70
SHA-256: 930f84c49114949053be97e1fa0ee75c400d05a63f30f5d73d5f25793b094b21
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
thunderbird-1.5.0.12-33.el4.src.rpm
File outdated by:  RHSA-2012:0085
    MD5: c5ed6c6f5f4d414338e7b51ef7008e21
SHA-256: 410d0b8bec25a3a2be6c39e30bcbc86895a63ce2fa8a95b24e06b122a726f443
 
IA-32:
thunderbird-1.5.0.12-33.el4.i386.rpm
File outdated by:  RHSA-2012:0085
    MD5: 1741e9f2178c595c5bd85e4f37295327
SHA-256: b1f27ea710da35fde59a241a580244a229682010c73ba1fd50ea34cb86089c18
 
IA-64:
thunderbird-1.5.0.12-33.el4.ia64.rpm
File outdated by:  RHSA-2012:0085
    MD5: 97e7ff15e93596c775642c4bc608fbf7
SHA-256: 709aaf464e4ecf4b310dd13eb8fe40e1c10ea4558060b1a41bcd4b1cab446091
 
x86_64:
thunderbird-1.5.0.12-33.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
    MD5: 9882505ea635dab908badae83083fa70
SHA-256: 930f84c49114949053be97e1fa0ee75c400d05a63f30f5d73d5f25793b094b21
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/