An updated thunderbird package that fixes multiple security issues is nowavailable for Red Hat Enterprise Linux 5 and 6.Red Hat Product Security has rated this update as having Important securityimpact. Common Vulnerability Scoring System (CVSS) base scores, which givedetailed severity ratings, are available for each vulnerability from theCVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.Several flaws were found in the processing of malformed web content. A webpage containing malicious content could cause Thunderbird to crash or,potentially, execute arbitrary code with the privileges of the user runningThunderbird. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)An information leak flaw was found in the way Thunderbird implementedautocomplete forms. An attacker able to trick a user into specifying alocal file in the form could use this flaw to access the contents of thatfile. (CVE-2015-0822)Note: All of the above issues cannot be exploited by a specially craftedHTML mail message as JavaScript is disabled by default for mail messages.They could be exploited another way in Thunderbird, for example, whenviewing the full remote content of an RSS feed.Red Hat would like to thank the Mozilla project for reporting these issues.Upstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan deMooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, PaulBandha, Abhishek Arya, and Armin Razmdjou as the original reporters ofthese issues.For technical details regarding these flaws, refer to the Mozilla securityadvisories for Thunderbird 31.5.0. You can find a link to the Mozillaadvisories in the References section of this erratum.All Thunderbird users should upgrade to this updated package, whichcontains Thunderbird version 31.5.0, which corrects these issues.After installing the update, Thunderbird must be restarted for the changesto take effect.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258RHEL Optional Productivity Applications (v. 5 server)

SRPMS:
thunderbird-31.5.0-1.el5_11.src.rpm
    MD5: 10665ead81d591ec09c188a056515b49SHA-256: 4ef05ce9225d0abfeac63f9527395a9dee2fdd26fba1ed0856eeb41808781c47
 
IA-32:
thunderbird-31.5.0-1.el5_11.i386.rpm
    MD5: 3b7f1d09cb487c860880a6f588b9c9caSHA-256: 979486116bd0d7b064bcab842e19eb1945569ede588fb741d7dfd7d041ab7d3f
thunderbird-debuginfo-31.5.0-1.el5_11.i386.rpm
    MD5: bb976cc04f749141833a1fb8a69bed39SHA-256: fe72fde6f03e3e9542208707739c60665542b9d961711b73390eb44cf32a2094
 
x86_64:
thunderbird-31.5.0-1.el5_11.x86_64.rpm
    MD5: 8ceea87c4dadbd802d0e4dc3f89882c2SHA-256: 43f854c137e746c28397bfc0d68e420b18839d86b76b5de946a548b6e239db94
thunderbird-debuginfo-31.5.0-1.el5_11.x86_64.rpm
    MD5: 0c61c5ecf69dcb99b0927504636c60f5SHA-256: f3a031e9b8707ec4573ecedc6a3900d8f3b8e42df668625056f36209d3c12595
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
thunderbird-31.5.0-1.el5_11.src.rpm
    MD5: 10665ead81d591ec09c188a056515b49SHA-256: 4ef05ce9225d0abfeac63f9527395a9dee2fdd26fba1ed0856eeb41808781c47
 
IA-32:
thunderbird-31.5.0-1.el5_11.i386.rpm
    MD5: 3b7f1d09cb487c860880a6f588b9c9caSHA-256: 979486116bd0d7b064bcab842e19eb1945569ede588fb741d7dfd7d041ab7d3f
thunderbird-debuginfo-31.5.0-1.el5_11.i386.rpm
    MD5: bb976cc04f749141833a1fb8a69bed39SHA-256: fe72fde6f03e3e9542208707739c60665542b9d961711b73390eb44cf32a2094
 
x86_64:
thunderbird-31.5.0-1.el5_11.x86_64.rpm
    MD5: 8ceea87c4dadbd802d0e4dc3f89882c2SHA-256: 43f854c137e746c28397bfc0d68e420b18839d86b76b5de946a548b6e239db94
thunderbird-debuginfo-31.5.0-1.el5_11.x86_64.rpm
    MD5: 0c61c5ecf69dcb99b0927504636c60f5SHA-256: f3a031e9b8707ec4573ecedc6a3900d8f3b8e42df668625056f36209d3c12595
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
thunderbird-31.5.0-1.el6_6.src.rpm
    MD5: 7b5acda73e5da0a1b9cc786177ca64c9SHA-256: 6054bf39c6988c9715e9f06429b71f89d5d448d9be4920a9a26ed5a5ec3d272e
 
IA-32:
thunderbird-31.5.0-1.el6_6.i686.rpm
    MD5: bbf9f252082170dfcd472faf14fc6bb9SHA-256: ec656357c6396f896df5641d0a921d8519ed863cb06a2f08c8bff5967e67e869
thunderbird-debuginfo-31.5.0-1.el6_6.i686.rpm
    MD5: 5160290a2d76381001888b48c27bb91cSHA-256: 5c45bfa6fd0df1cec4da335ab0109a6f1a61b17a5c3f3737f6bbfc5e6d89c9d1
 
x86_64:
thunderbird-31.5.0-1.el6_6.x86_64.rpm
    MD5: 0838e74706bf77e41f24ddb5327ece6bSHA-256: 8dc5aba5ab7a452c512a82cfb84d97467421eb103226c9c0e8871fbf2f4d53a2
thunderbird-debuginfo-31.5.0-1.el6_6.x86_64.rpm
    MD5: ab1bbe81f368a0ee317e1ddad89b93c7SHA-256: 049462d2aab65ac94abe8966914d3ecd71f218097d12989de5513fc353c4ee24
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
thunderbird-31.5.0-1.el6_6.src.rpm
    MD5: 7b5acda73e5da0a1b9cc786177ca64c9SHA-256: 6054bf39c6988c9715e9f06429b71f89d5d448d9be4920a9a26ed5a5ec3d272e
 
IA-32:
thunderbird-31.5.0-1.el6_6.i686.rpm
    MD5: bbf9f252082170dfcd472faf14fc6bb9SHA-256: ec656357c6396f896df5641d0a921d8519ed863cb06a2f08c8bff5967e67e869
thunderbird-debuginfo-31.5.0-1.el6_6.i686.rpm
    MD5: 5160290a2d76381001888b48c27bb91cSHA-256: 5c45bfa6fd0df1cec4da335ab0109a6f1a61b17a5c3f3737f6bbfc5e6d89c9d1
 
PPC:
thunderbird-31.5.0-1.el6_6.ppc64.rpm
    MD5: 2fb3622dbe9873cbf9c544c06426f3bcSHA-256: 4cf0d2775a02432c0b37e67975a72f23d75d919829fdc5c1b37faedf228e55be
thunderbird-debuginfo-31.5.0-1.el6_6.ppc64.rpm
    MD5: 01ec46bee249b69c1f8da02763db9913SHA-256: bbcacc7c6f7835347b28fd9629587532d6254213a63abdedc935ef04e3fe0396
 
s390x:
thunderbird-31.5.0-1.el6_6.s390x.rpm
    MD5: 8a149dfbbef7fe970e7396a97bfe37b8SHA-256: deb365deec0437c7603c4bf3d1171f3569225b753f15cab50c1c376d34f72643
thunderbird-debuginfo-31.5.0-1.el6_6.s390x.rpm
    MD5: 28f8cfdf6402c1d35429375b47f2925bSHA-256: 328fdc70d53b5ce1655e10908e32115540f5d957cb484d51fe5afa14dc1ec2be
 
x86_64:
thunderbird-31.5.0-1.el6_6.x86_64.rpm
    MD5: 0838e74706bf77e41f24ddb5327ece6bSHA-256: 8dc5aba5ab7a452c512a82cfb84d97467421eb103226c9c0e8871fbf2f4d53a2
thunderbird-debuginfo-31.5.0-1.el6_6.x86_64.rpm
    MD5: ab1bbe81f368a0ee317e1ddad89b93c7SHA-256: 049462d2aab65ac94abe8966914d3ecd71f218097d12989de5513fc353c4ee24
 
Red Hat Enterprise Linux Server EUS (v. 6.6.z)

SRPMS:
thunderbird-31.5.0-1.el6_6.src.rpm
    MD5: 7b5acda73e5da0a1b9cc786177ca64c9SHA-256: 6054bf39c6988c9715e9f06429b71f89d5d448d9be4920a9a26ed5a5ec3d272e
 
IA-32:
thunderbird-31.5.0-1.el6_6.i686.rpm
    MD5: bbf9f252082170dfcd472faf14fc6bb9SHA-256: ec656357c6396f896df5641d0a921d8519ed863cb06a2f08c8bff5967e67e869
thunderbird-debuginfo-31.5.0-1.el6_6.i686.rpm
    MD5: 5160290a2d76381001888b48c27bb91cSHA-256: 5c45bfa6fd0df1cec4da335ab0109a6f1a61b17a5c3f3737f6bbfc5e6d89c9d1
 
PPC:
thunderbird-31.5.0-1.el6_6.ppc64.rpm
    MD5: 2fb3622dbe9873cbf9c544c06426f3bcSHA-256: 4cf0d2775a02432c0b37e67975a72f23d75d919829fdc5c1b37faedf228e55be
thunderbird-debuginfo-31.5.0-1.el6_6.ppc64.rpm
    MD5: 01ec46bee249b69c1f8da02763db9913SHA-256: bbcacc7c6f7835347b28fd9629587532d6254213a63abdedc935ef04e3fe0396
 
s390x:
thunderbird-31.5.0-1.el6_6.s390x.rpm
    MD5: 8a149dfbbef7fe970e7396a97bfe37b8SHA-256: deb365deec0437c7603c4bf3d1171f3569225b753f15cab50c1c376d34f72643
thunderbird-debuginfo-31.5.0-1.el6_6.s390x.rpm
    MD5: 28f8cfdf6402c1d35429375b47f2925bSHA-256: 328fdc70d53b5ce1655e10908e32115540f5d957cb484d51fe5afa14dc1ec2be
 
x86_64:
thunderbird-31.5.0-1.el6_6.x86_64.rpm
    MD5: 0838e74706bf77e41f24ddb5327ece6bSHA-256: 8dc5aba5ab7a452c512a82cfb84d97467421eb103226c9c0e8871fbf2f4d53a2
thunderbird-debuginfo-31.5.0-1.el6_6.x86_64.rpm
    MD5: ab1bbe81f368a0ee317e1ddad89b93c7SHA-256: 049462d2aab65ac94abe8966914d3ecd71f218097d12989de5513fc353c4ee24
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
thunderbird-31.5.0-1.el6_6.src.rpm
    MD5: 7b5acda73e5da0a1b9cc786177ca64c9SHA-256: 6054bf39c6988c9715e9f06429b71f89d5d448d9be4920a9a26ed5a5ec3d272e
 
IA-32:
thunderbird-31.5.0-1.el6_6.i686.rpm
    MD5: bbf9f252082170dfcd472faf14fc6bb9SHA-256: ec656357c6396f896df5641d0a921d8519ed863cb06a2f08c8bff5967e67e869
thunderbird-debuginfo-31.5.0-1.el6_6.i686.rpm
    MD5: 5160290a2d76381001888b48c27bb91cSHA-256: 5c45bfa6fd0df1cec4da335ab0109a6f1a61b17a5c3f3737f6bbfc5e6d89c9d1
 
x86_64:
thunderbird-31.5.0-1.el6_6.x86_64.rpm
    MD5: 0838e74706bf77e41f24ddb5327ece6bSHA-256: 8dc5aba5ab7a452c512a82cfb84d97467421eb103226c9c0e8871fbf2f4d53a2
thunderbird-debuginfo-31.5.0-1.el6_6.x86_64.rpm
    MD5: ab1bbe81f368a0ee317e1ddad89b93c7SHA-256: 049462d2aab65ac94abe8966914d3ecd71f218097d12989de5513fc353c4ee24
 
(The unlinked packages above are only available from the Red Hat Network)
1195605 – CVE-2015-0836 Mozilla: Miscellaneous memory safety hazards (rv:31.5) (MFSA 2015-11)1195619 – CVE-2015-0831 Mozilla: Use-after-free in IndexedDB (MFSA 2015-16)1195623 – CVE-2015-0827 Mozilla: Out-of-bounds read and write while rendering SVG content (MFSA 2015-19)1195638 – CVE-2015-0822 Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply