[Apollo] Advisories Statistics light light Login

RLSA-2024:8793

Security Mirrored from RHSA-2024:8793
Issued at: 2024-11-08
Updated at: 2024-11-08

Synopsis

Moderate: thunderbird security update



Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser (CVE-2024-10464)

* firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response (CVE-2024-10461)

* firefox: thunderbird: Permission leak via embed or object elements (CVE-2024-10458)

* firefox: thunderbird: Use-after-free in layout with accessibility (CVE-2024-10459)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 (CVE-2024-10467)

* firefox: thunderbird: Clipboard "paste" button persisted across tabs (CVE-2024-10465)

* firefox: DOM push subscription message could hang Firefox (CVE-2024-10466)

* firefox: thunderbird: Cross origin video frame leak (CVE-2024-10463)

* firefox: thunderbird: Origin of permission prompt could be spoofed by long URL (CVE-2024-10462)

* firefox: thunderbird: Confusing display of origin for external protocol handler prompt (CVE-2024-10460)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 9 aarch64 Rocky Linux 9 ppc64le Rocky Linux 9 s390x Rocky Linux 9 x86_64

Fixes

2322424 2322425 2322428 2322429 2322433 2322434 2322438 2322439 2322440 2322444

CVEs

CVE-2024-10458 CVE-2024-10459 CVE-2024-10460 CVE-2024-10461 CVE-2024-10462 CVE-2024-10463 CVE-2024-10464 CVE-2024-10465 CVE-2024-10466 CVE-2024-10467

Affected packages

Rocky Linux 9 aarch64 - AppStream

thunderbird-0:128.4.0-1.el9_4.aarch64.rpm thunderbird-0:128.4.0-1.el9_4.src.rpm thunderbird-debuginfo-0:128.4.0-1.el9_4.aarch64.rpm thunderbird-debugsource-0:128.4.0-1.el9_4.aarch64.rpm

Rocky Linux 9 ppc64le - AppStream

thunderbird-0:128.4.0-1.el9_4.ppc64le.rpm thunderbird-0:128.4.0-1.el9_4.src.rpm thunderbird-debuginfo-0:128.4.0-1.el9_4.ppc64le.rpm thunderbird-debugsource-0:128.4.0-1.el9_4.ppc64le.rpm

Rocky Linux 9 s390x - AppStream

thunderbird-0:128.4.0-1.el9_4.s390x.rpm thunderbird-0:128.4.0-1.el9_4.src.rpm thunderbird-debuginfo-0:128.4.0-1.el9_4.s390x.rpm thunderbird-debugsource-0:128.4.0-1.el9_4.s390x.rpm

Rocky Linux 9 x86_64 - AppStream

thunderbird-0:128.4.0-1.el9_4.src.rpm thunderbird-0:128.4.0-1.el9_4.x86_64.rpm thunderbird-debuginfo-0:128.4.0-1.el9_4.x86_64.rpm thunderbird-debugsource-0:128.4.0-1.el9_4.x86_64.rpm