Security Advisory Moderate: thunderbird security update

Advisory: RHSA-2011:1438-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-11-08
Last updated on: 2011-11-08
Affected Products: RHEL Optional Productivity Applications (v. 5 server)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2011-3648

Details

An updated thunderbird package that fixes one security issue is now
available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

A cross-site scripting (XSS) flaw was found in the way Thunderbird handled
certain multibyte character sets. Malicious, remote content could cause
Thunderbird to run JavaScript code with the permissions of different remote
content. (CVE-2011-3648)

Note: This issue cannot be exploited by a specially crafted HTML mail
message as JavaScript is disabled by default for mail messages. It could be
exploited another way in Thunderbird, for example, when viewing the full
remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
resolves this issue. All running instances of Thunderbird must be restarted
for the update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

RHEL Optional Productivity Applications (v. 5 server)

SRPMS:
thunderbird-2.0.0.24-27.el5_7.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: 86d51e749b8658fad744c5bb671dc151
SHA-256: 4cde3e6eaca039f428da7e72e06da8494e3a5e0bde6e784706ff363b44d53442
 
IA-32:
thunderbird-2.0.0.24-27.el5_7.i386.rpm
File outdated by:  RHSA-2014:0316
    MD5: a04b57ccb31282b9231553b485ebeec8
SHA-256: ffabb48f21af3c34f49c500235d258655de0aa7841bd32a9ffe06724f42a3398
 
x86_64:
thunderbird-2.0.0.24-27.el5_7.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 99a8804c3d4553fc52da2f8aa6dc5ebd
SHA-256: eb1d51e96e6e7ffc7fa90dd71b8da54de25c06d8a0c34a670e88223ba0c44f3f
 
Red Hat Desktop (v. 4)

SRPMS:
thunderbird-1.5.0.12-45.el4.src.rpm
File outdated by:  RHSA-2012:0085
    MD5: 3281f9ef531d8505ac6b2d59a83c4e5c
SHA-256: b757bce424d464c8b098395b766f4d74b1c00eb8570f64eb6b9258ddceb4e474
 
IA-32:
thunderbird-1.5.0.12-45.el4.i386.rpm
File outdated by:  RHSA-2012:0085
    MD5: 9dd4e4c953aabe4c84f33324d6eea2d6
SHA-256: 0947f58b24da9828f649f58463d0ff7d08c2b8057e4b014cd9caf8a3275512ee
 
x86_64:
thunderbird-1.5.0.12-45.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
    MD5: b5ab054c8c9a64c5faf1339dbd32c2c6
SHA-256: c9c871fb0274f4f62e0593796c0240d4c87f6fc8e0b9bbca59732c782accc92a
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
thunderbird-1.5.0.12-45.el4.src.rpm
File outdated by:  RHSA-2012:0085
    MD5: 3281f9ef531d8505ac6b2d59a83c4e5c
SHA-256: b757bce424d464c8b098395b766f4d74b1c00eb8570f64eb6b9258ddceb4e474
 
IA-32:
thunderbird-1.5.0.12-45.el4.i386.rpm
File outdated by:  RHSA-2012:0085
    MD5: 9dd4e4c953aabe4c84f33324d6eea2d6
SHA-256: 0947f58b24da9828f649f58463d0ff7d08c2b8057e4b014cd9caf8a3275512ee
 
IA-64:
thunderbird-1.5.0.12-45.el4.ia64.rpm
File outdated by:  RHSA-2012:0085
    MD5: dc9da9b2fe00124b2ed6ade6035543c0
SHA-256: c7d7f36ba082f43e48d0796382c5a37f301c323ce46d194acfdb36ea60576e77
 
PPC:
thunderbird-1.5.0.12-45.el4.ppc.rpm
File outdated by:  RHSA-2012:0085
    MD5: 6aae07a23c516777a4bc4ca7e7ed64d4
SHA-256: 97289755982b496a35c951e8a0c455f7d3b98cc695f7fbb25ec4d0ef208f37eb
 
s390:
thunderbird-1.5.0.12-45.el4.s390.rpm
File outdated by:  RHSA-2012:0085
    MD5: 050d29fd09791d286701631e631dbafe
SHA-256: 0c5aac12ce7e185d8e041a362bc2e57212ced24e6faac24aecf83aee6a7c19b6
 
s390x:
thunderbird-1.5.0.12-45.el4.s390x.rpm
File outdated by:  RHSA-2012:0085
    MD5: 9bb563d9739395b6c90091c59d319a83
SHA-256: c176498c57c8423867acaf17a9fa30829be456ba88d1a728c6c00e3ad1f85093
 
x86_64:
thunderbird-1.5.0.12-45.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
    MD5: b5ab054c8c9a64c5faf1339dbd32c2c6
SHA-256: c9c871fb0274f4f62e0593796c0240d4c87f6fc8e0b9bbca59732c782accc92a
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
thunderbird-2.0.0.24-27.el5_7.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: 86d51e749b8658fad744c5bb671dc151
SHA-256: 4cde3e6eaca039f428da7e72e06da8494e3a5e0bde6e784706ff363b44d53442
 
IA-32:
thunderbird-2.0.0.24-27.el5_7.i386.rpm
File outdated by:  RHSA-2014:0316
    MD5: a04b57ccb31282b9231553b485ebeec8
SHA-256: ffabb48f21af3c34f49c500235d258655de0aa7841bd32a9ffe06724f42a3398
 
x86_64:
thunderbird-2.0.0.24-27.el5_7.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 99a8804c3d4553fc52da2f8aa6dc5ebd
SHA-256: eb1d51e96e6e7ffc7fa90dd71b8da54de25c06d8a0c34a670e88223ba0c44f3f
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
thunderbird-1.5.0.12-45.el4.src.rpm
File outdated by:  RHSA-2012:0085
    MD5: 3281f9ef531d8505ac6b2d59a83c4e5c
SHA-256: b757bce424d464c8b098395b766f4d74b1c00eb8570f64eb6b9258ddceb4e474
 
IA-32:
thunderbird-1.5.0.12-45.el4.i386.rpm
File outdated by:  RHSA-2012:0085
    MD5: 9dd4e4c953aabe4c84f33324d6eea2d6
SHA-256: 0947f58b24da9828f649f58463d0ff7d08c2b8057e4b014cd9caf8a3275512ee
 
IA-64:
thunderbird-1.5.0.12-45.el4.ia64.rpm
File outdated by:  RHSA-2012:0085
    MD5: dc9da9b2fe00124b2ed6ade6035543c0
SHA-256: c7d7f36ba082f43e48d0796382c5a37f301c323ce46d194acfdb36ea60576e77
 
x86_64:
thunderbird-1.5.0.12-45.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
    MD5: b5ab054c8c9a64c5faf1339dbd32c2c6
SHA-256: c9c871fb0274f4f62e0593796c0240d4c87f6fc8e0b9bbca59732c782accc92a
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
thunderbird-1.5.0.12-45.el4.src.rpm
File outdated by:  RHSA-2012:0085
    MD5: 3281f9ef531d8505ac6b2d59a83c4e5c
SHA-256: b757bce424d464c8b098395b766f4d74b1c00eb8570f64eb6b9258ddceb4e474
 
IA-32:
thunderbird-1.5.0.12-45.el4.i386.rpm
File outdated by:  RHSA-2012:0085
    MD5: 9dd4e4c953aabe4c84f33324d6eea2d6
SHA-256: 0947f58b24da9828f649f58463d0ff7d08c2b8057e4b014cd9caf8a3275512ee
 
IA-64:
thunderbird-1.5.0.12-45.el4.ia64.rpm
File outdated by:  RHSA-2012:0085
    MD5: dc9da9b2fe00124b2ed6ade6035543c0
SHA-256: c7d7f36ba082f43e48d0796382c5a37f301c323ce46d194acfdb36ea60576e77
 
x86_64:
thunderbird-1.5.0.12-45.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
    MD5: b5ab054c8c9a64c5faf1339dbd32c2c6
SHA-256: c9c871fb0274f4f62e0593796c0240d4c87f6fc8e0b9bbca59732c782accc92a
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

751932 - CVE-2011-3648 Mozilla: Universal XSS likely with MultiByte charset (MFSA 2011-47)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/