RLSA-2024:1494

See a problem?
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2024:1494.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2024:1494
Related
Published
2024-03-27T04:34:32.999941Z
Modified
2024-03-27T04:36:48.806576Z
Summary
Moderate: thunderbird security update
Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.9.0.

Security Fix(es):

  • nss: timing attack against RSA decryption (CVE-2023-5388)

  • Mozilla: Crash in NSS TLS method (CVE-2024-0743)

  • Mozilla: Leaking of encrypted email subjects to other conversations (CVE-2024-1936)

  • Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)

  • Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)

  • Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)

  • Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)

  • Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)

  • Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / thunderbird

Package

Name
thunderbird
Purl
pkg:rpm/rocky-linux/thunderbird?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:115.9.0-1.el8_9