
Security Advisory Critical: thunderbird security update

Advisory: RHSA-2012:1362-1
Type: Security Advisory
Severity: Critical
Issued on: 2012-10-12
Last updated on: 2012-10-12
Affected Products: RHEL Optional Productivity Applications (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.3.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2012-4193

Details

An updated thunderbird package that fixes one security issue is now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the way Thunderbird handled security wrappers.
Malicious content could cause Thunderbird to execute arbitrary code with
the privileges of the user running Thunderbird. (CVE-2012-4193)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges moz_bug_r_a4 as the original reporter.

Note: This issue cannot be exploited by a specially-crafted HTML mail
message as JavaScript is disabled by default for mail messages. It could be
exploited another way in Thunderbird, for example, when viewing the full
remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
corrects this issue. After installing the update, Thunderbird must be
restarted for the changes to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

RHEL Optional Productivity Applications (v. 5 server)

SRPMS:
thunderbird-10.0.8-2.el5_8.src.rpm
File outdated by:  RHSA-2014:0316

IA-32:
thunderbird-10.0.8-2.el5_8.i386.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-10.0.8-2.el5_8.i386.rpm
File outdated by:  RHSA-2014:0316

x86_64:
thunderbird-10.0.8-2.el5_8.x86_64.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-10.0.8-2.el5_8.x86_64.rpm
File outdated by:  RHSA-2014:0316
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
thunderbird-10.0.8-2.el5_8.src.rpm
File outdated by:  RHSA-2014:0316

IA-32:
thunderbird-10.0.8-2.el5_8.i386.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-10.0.8-2.el5_8.i386.rpm
File outdated by:  RHSA-2014:0316

x86_64:
thunderbird-10.0.8-2.el5_8.x86_64.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-10.0.8-2.el5_8.x86_64.rpm
File outdated by:  RHSA-2014:0316
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
thunderbird-10.0.8-2.el6_3.src.rpm
File outdated by:  RHSA-2014:0316

IA-32:
thunderbird-10.0.8-2.el6_3.i686.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-10.0.8-2.el6_3.i686.rpm
File outdated by:  RHSA-2014:0316

x86_64:
thunderbird-10.0.8-2.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-10.0.8-2.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0316
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
thunderbird-10.0.8-2.el6_3.src.rpm
File outdated by:  RHSA-2014:0316

IA-32:
thunderbird-10.0.8-2.el6_3.i686.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-10.0.8-2.el6_3.i686.rpm
File outdated by:  RHSA-2014:0316

PPC:
thunderbird-10.0.8-2.el6_3.ppc64.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-10.0.8-2.el6_3.ppc64.rpm
File outdated by:  RHSA-2014:0316

s390x:
thunderbird-10.0.8-2.el6_3.s390x.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-10.0.8-2.el6_3.s390x.rpm
File outdated by:  RHSA-2014:0316

x86_64:
thunderbird-10.0.8-2.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-10.0.8-2.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0316
 
Red Hat Enterprise Linux Server EUS (v. 6.3.z)

SRPMS:
thunderbird-10.0.8-2.el6_3.src.rpm
File outdated by:  RHSA-2014:0316

IA-32:
thunderbird-10.0.8-2.el6_3.i686.rpm
File outdated by:  RHSA-2013:0272
thunderbird-debuginfo-10.0.8-2.el6_3.i686.rpm
File outdated by:  RHSA-2013:0272

PPC:
thunderbird-10.0.8-2.el6_3.ppc64.rpm
File outdated by:  RHSA-2013:0272
thunderbird-debuginfo-10.0.8-2.el6_3.ppc64.rpm
File outdated by:  RHSA-2013:0272

s390x:
thunderbird-10.0.8-2.el6_3.s390x.rpm
File outdated by:  RHSA-2013:0272
thunderbird-debuginfo-10.0.8-2.el6_3.s390x.rpm
File outdated by:  RHSA-2013:0272

x86_64:
thunderbird-10.0.8-2.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:0272
thunderbird-debuginfo-10.0.8-2.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:0272
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
thunderbird-10.0.8-2.el6_3.src.rpm
File outdated by:  RHSA-2014:0316

IA-32:
thunderbird-10.0.8-2.el6_3.i686.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-10.0.8-2.el6_3.i686.rpm
File outdated by:  RHSA-2014:0316

x86_64:
thunderbird-10.0.8-2.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0316
thunderbird-debuginfo-10.0.8-2.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0316
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

865215 - CVE-2012-4193 Mozilla: defaultValue security checks not applied (MFSA 2012-89)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/