An updated thunderbird package that fixes multiple security issues is nowavailable for Red Hat Enterprise Linux 5, 6, and 7.Red Hat Product Security has rated this update as having Important securityimpact. Common Vulnerability Scoring System (CVSS) base scores, which givedetailed severity ratings, are available for each vulnerability from theCVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.Several flaws were found in the processing of malformed web content. A webpage containing malicious content could cause Thunderbird to crash or,potentially, execute arbitrary code with the privileges of the user runningThunderbird. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801)A flaw was found in the way documents were loaded via resource URLs.An attacker could use this flaw to bypass certain restrictions and undercertain conditions even execute arbitrary code with the privileges of theuser running Thunderbird. (CVE-2015-0816)A flaw was found in the Beacon interface implementation in Thunderbird.A web page containing malicious content could allow a remote attacker toconduct a Cross-Site Request Forgery (CSRF) attack. (CVE-2015-0807)Note: All of the above issues cannot be exploited by a specially craftedHTML mail message as JavaScript is disabled by default for mail messages.They could be exploited another way in Thunderbird, for example, whenviewing the full remote content of an RSS feed.Red Hat would like to thank the Mozilla project for reporting these issues.Upstream acknowledges Christian Holler, Byron Campen, Steve Fink, MariuszMlynski, Christoph Kerschbaumer, Muneaki Nishimura, Olli Pettay, BorisZbarsky, and Aki Helin as the original reporters of these issues.For technical details regarding these flaws, refer to the Mozilla securityadvisories for Thunderbird 31.6.0. You can find a link to the Mozillaadvisories in the References section of this erratum.All Thunderbird users should upgrade to this updated package, whichcontains Thunderbird version 31.6.0, which corrects these issues.After installing the update, Thunderbird must be restarted for the changesto take effect.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258RHEL Optional Productivity Applications (v. 5 server)

SRPMS:
thunderbird-31.6.0-1.el5_11.src.rpm
    MD5: 96cf3d7e89286c2cb1ec51479caa1c40SHA-256: c9fd5220093c14ec9c92f758226b39a4080716fcae77da36278ac2dce5482e16
 
IA-32:
thunderbird-31.6.0-1.el5_11.i386.rpm
    MD5: 60bf55f6ced53475386626054b475994SHA-256: 3cc6217ee8845fb9b6b6456c6a7aef65fc3ba5f6ef987b9bb056a04e5db2a8fa
thunderbird-debuginfo-31.6.0-1.el5_11.i386.rpm
    MD5: 6cb51f2c0934816adb6607d21f9c81d4SHA-256: 52aeda8eb489673dfa8e61233d17c96c59c37442c32303f59c350dede8030368
 
x86_64:
thunderbird-31.6.0-1.el5_11.x86_64.rpm
    MD5: af4436e5188538146f840d8827ab5ca0SHA-256: 047d683313ff9aa027a434096f35eee98cacd743badb3a64e92cd9aaa564a37b
thunderbird-debuginfo-31.6.0-1.el5_11.x86_64.rpm
    MD5: d7955b4fc45ce29ae1f00e99ead96112SHA-256: 39b88fe7a632fe26aabf7a24b453035247763de4e06e7f46755a2e6662f47a08
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
thunderbird-31.6.0-1.el5_11.src.rpm
    MD5: 96cf3d7e89286c2cb1ec51479caa1c40SHA-256: c9fd5220093c14ec9c92f758226b39a4080716fcae77da36278ac2dce5482e16
 
IA-32:
thunderbird-31.6.0-1.el5_11.i386.rpm
    MD5: 60bf55f6ced53475386626054b475994SHA-256: 3cc6217ee8845fb9b6b6456c6a7aef65fc3ba5f6ef987b9bb056a04e5db2a8fa
thunderbird-debuginfo-31.6.0-1.el5_11.i386.rpm
    MD5: 6cb51f2c0934816adb6607d21f9c81d4SHA-256: 52aeda8eb489673dfa8e61233d17c96c59c37442c32303f59c350dede8030368
 
x86_64:
thunderbird-31.6.0-1.el5_11.x86_64.rpm
    MD5: af4436e5188538146f840d8827ab5ca0SHA-256: 047d683313ff9aa027a434096f35eee98cacd743badb3a64e92cd9aaa564a37b
thunderbird-debuginfo-31.6.0-1.el5_11.x86_64.rpm
    MD5: d7955b4fc45ce29ae1f00e99ead96112SHA-256: 39b88fe7a632fe26aabf7a24b453035247763de4e06e7f46755a2e6662f47a08
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
thunderbird-31.6.0-1.el6_6.src.rpm
    MD5: 275cee13441c3be672112e53ab64ddb2SHA-256: 6388840efd7453a2338f4a7bb6212a5438a4a53586cf9b9c86e196bf699bfce3
 
IA-32:
thunderbird-31.6.0-1.el6_6.i686.rpm
    MD5: 0a077411ad3f0f2e2ecfe18ebf2ee22fSHA-256: e908a7751be1f91050f2b1d75a07dfbeaa35b7c383a00910d1c2f41aa4309f7c
thunderbird-debuginfo-31.6.0-1.el6_6.i686.rpm
    MD5: 7c8f588965eb4b73cddc654765650765SHA-256: 3002b0beec49aeac02167b5af76046f052eb87a397dcb39f7ae5743e29ec113f
 
x86_64:
thunderbird-31.6.0-1.el6_6.x86_64.rpm
    MD5: c7c376739cdd8bff3d7191b6984afc05SHA-256: fe70a4a534f68f960fd41906aa5ea08b511838048abab0d24fdb60987a10e1ee
thunderbird-debuginfo-31.6.0-1.el6_6.x86_64.rpm
    MD5: c22521b9ad09702d38c9b16fd4c46d2eSHA-256: 050eff83a5ea590d2ff0ecd59b8787daa4d63d268ae5f5d82616556833625d2b
 
Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
thunderbird-31.6.0-1.el7_1.src.rpm
    MD5: e1543287ad23a731b470af19fa1d1e5fSHA-256: 963f9338ffc1ae07829ad55566a095de41b8ff3818b5b856bf8e5797da565308
 
x86_64:
thunderbird-31.6.0-1.el7_1.x86_64.rpm
    MD5: 325ce229f5a8de0ab1a6163946281606SHA-256: f4f0a64a2cb0b667a09822179337bd54437aebae25e23cfb3f55ab5967a06aa8
thunderbird-debuginfo-31.6.0-1.el7_1.x86_64.rpm
    MD5: c09cd9097a4034a5e2cc5e9d82e88dd0SHA-256: 9342c30652ffaa5f4cc0650e6f98b4e35d6651c49b717dd1944b343a226f8230
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
thunderbird-31.6.0-1.el6_6.src.rpm
    MD5: 275cee13441c3be672112e53ab64ddb2SHA-256: 6388840efd7453a2338f4a7bb6212a5438a4a53586cf9b9c86e196bf699bfce3
 
IA-32:
thunderbird-31.6.0-1.el6_6.i686.rpm
    MD5: 0a077411ad3f0f2e2ecfe18ebf2ee22fSHA-256: e908a7751be1f91050f2b1d75a07dfbeaa35b7c383a00910d1c2f41aa4309f7c
thunderbird-debuginfo-31.6.0-1.el6_6.i686.rpm
    MD5: 7c8f588965eb4b73cddc654765650765SHA-256: 3002b0beec49aeac02167b5af76046f052eb87a397dcb39f7ae5743e29ec113f
 
PPC:
thunderbird-31.6.0-1.el6_6.ppc64.rpm
    MD5: 31f2f028abe11a51bdda53a2492ccc35SHA-256: 0bec02df617f6096f6d1675f680e6f8e5613f760bbb5d1a7140f38d6efdc8fc8
thunderbird-debuginfo-31.6.0-1.el6_6.ppc64.rpm
    MD5: a7021db908477c7ca37c5287a694b4d2SHA-256: ecc6954991105323068afeb5538e9584b8406efde83f7e207787d32cfc9a5fe2
 
s390x:
thunderbird-31.6.0-1.el6_6.s390x.rpm
    MD5: 4d7268c1901bab9b674a463c42863264SHA-256: 1330144367055dbae1d8727c794169e3f6af22aaf60cd9cfa8dd89401a832d9c
thunderbird-debuginfo-31.6.0-1.el6_6.s390x.rpm
    MD5: dcfe99f147978b6de1c096e353f1b04dSHA-256: 74f8a9f92e0ee0ae0a94dca1639b28c81c0b2a268d2ecf3e355de243fe8e4844
 
x86_64:
thunderbird-31.6.0-1.el6_6.x86_64.rpm
    MD5: c7c376739cdd8bff3d7191b6984afc05SHA-256: fe70a4a534f68f960fd41906aa5ea08b511838048abab0d24fdb60987a10e1ee
thunderbird-debuginfo-31.6.0-1.el6_6.x86_64.rpm
    MD5: c22521b9ad09702d38c9b16fd4c46d2eSHA-256: 050eff83a5ea590d2ff0ecd59b8787daa4d63d268ae5f5d82616556833625d2b
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
thunderbird-31.6.0-1.el7_1.src.rpm
    MD5: e1543287ad23a731b470af19fa1d1e5fSHA-256: 963f9338ffc1ae07829ad55566a095de41b8ff3818b5b856bf8e5797da565308
 
x86_64:
thunderbird-31.6.0-1.el7_1.x86_64.rpm
    MD5: 325ce229f5a8de0ab1a6163946281606SHA-256: f4f0a64a2cb0b667a09822179337bd54437aebae25e23cfb3f55ab5967a06aa8
thunderbird-debuginfo-31.6.0-1.el7_1.x86_64.rpm
    MD5: c09cd9097a4034a5e2cc5e9d82e88dd0SHA-256: 9342c30652ffaa5f4cc0650e6f98b4e35d6651c49b717dd1944b343a226f8230
 
Red Hat Enterprise Linux Server EUS (v. 6.6.z)

SRPMS:
thunderbird-31.6.0-1.el6_6.src.rpm
    MD5: 275cee13441c3be672112e53ab64ddb2SHA-256: 6388840efd7453a2338f4a7bb6212a5438a4a53586cf9b9c86e196bf699bfce3
 
IA-32:
thunderbird-31.6.0-1.el6_6.i686.rpm
    MD5: 0a077411ad3f0f2e2ecfe18ebf2ee22fSHA-256: e908a7751be1f91050f2b1d75a07dfbeaa35b7c383a00910d1c2f41aa4309f7c
thunderbird-debuginfo-31.6.0-1.el6_6.i686.rpm
    MD5: 7c8f588965eb4b73cddc654765650765SHA-256: 3002b0beec49aeac02167b5af76046f052eb87a397dcb39f7ae5743e29ec113f
 
PPC:
thunderbird-31.6.0-1.el6_6.ppc64.rpm
    MD5: 31f2f028abe11a51bdda53a2492ccc35SHA-256: 0bec02df617f6096f6d1675f680e6f8e5613f760bbb5d1a7140f38d6efdc8fc8
thunderbird-debuginfo-31.6.0-1.el6_6.ppc64.rpm
    MD5: a7021db908477c7ca37c5287a694b4d2SHA-256: ecc6954991105323068afeb5538e9584b8406efde83f7e207787d32cfc9a5fe2
 
s390x:
thunderbird-31.6.0-1.el6_6.s390x.rpm
    MD5: 4d7268c1901bab9b674a463c42863264SHA-256: 1330144367055dbae1d8727c794169e3f6af22aaf60cd9cfa8dd89401a832d9c
thunderbird-debuginfo-31.6.0-1.el6_6.s390x.rpm
    MD5: dcfe99f147978b6de1c096e353f1b04dSHA-256: 74f8a9f92e0ee0ae0a94dca1639b28c81c0b2a268d2ecf3e355de243fe8e4844
 
x86_64:
thunderbird-31.6.0-1.el6_6.x86_64.rpm
    MD5: c7c376739cdd8bff3d7191b6984afc05SHA-256: fe70a4a534f68f960fd41906aa5ea08b511838048abab0d24fdb60987a10e1ee
thunderbird-debuginfo-31.6.0-1.el6_6.x86_64.rpm
    MD5: c22521b9ad09702d38c9b16fd4c46d2eSHA-256: 050eff83a5ea590d2ff0ecd59b8787daa4d63d268ae5f5d82616556833625d2b
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
thunderbird-31.6.0-1.el6_6.src.rpm
    MD5: 275cee13441c3be672112e53ab64ddb2SHA-256: 6388840efd7453a2338f4a7bb6212a5438a4a53586cf9b9c86e196bf699bfce3
 
IA-32:
thunderbird-31.6.0-1.el6_6.i686.rpm
    MD5: 0a077411ad3f0f2e2ecfe18ebf2ee22fSHA-256: e908a7751be1f91050f2b1d75a07dfbeaa35b7c383a00910d1c2f41aa4309f7c
thunderbird-debuginfo-31.6.0-1.el6_6.i686.rpm
    MD5: 7c8f588965eb4b73cddc654765650765SHA-256: 3002b0beec49aeac02167b5af76046f052eb87a397dcb39f7ae5743e29ec113f
 
x86_64:
thunderbird-31.6.0-1.el6_6.x86_64.rpm
    MD5: c7c376739cdd8bff3d7191b6984afc05SHA-256: fe70a4a534f68f960fd41906aa5ea08b511838048abab0d24fdb60987a10e1ee
thunderbird-debuginfo-31.6.0-1.el6_6.x86_64.rpm
    MD5: c22521b9ad09702d38c9b16fd4c46d2eSHA-256: 050eff83a5ea590d2ff0ecd59b8787daa4d63d268ae5f5d82616556833625d2b
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
thunderbird-31.6.0-1.el7_1.src.rpm
    MD5: e1543287ad23a731b470af19fa1d1e5fSHA-256: 963f9338ffc1ae07829ad55566a095de41b8ff3818b5b856bf8e5797da565308
 
x86_64:
thunderbird-31.6.0-1.el7_1.x86_64.rpm
    MD5: 325ce229f5a8de0ab1a6163946281606SHA-256: f4f0a64a2cb0b667a09822179337bd54437aebae25e23cfb3f55ab5967a06aa8
thunderbird-debuginfo-31.6.0-1.el7_1.x86_64.rpm
    MD5: c09cd9097a4034a5e2cc5e9d82e88dd0SHA-256: 9342c30652ffaa5f4cc0650e6f98b4e35d6651c49b717dd1944b343a226f8230
 
(The unlinked packages above are only available from the Red Hat Network)
1207068 – CVE-2015-0815 Mozilla: Miscellaneous memory safety hazards (rv:31.6) (MFSA 2015-30)1207072 – CVE-2015-0816 Mozilla: resource:// documents can load privileged pages (MFSA 2015-33)1207076 – CVE-2015-0807 Mozilla: CORS requests should not follow 30x redirections after preflight (MFSA 2015-37)1207084 – CVE-2015-0801 Mozilla: Same-origin bypass through anchor navigation (MFSA 2015-40)1207088 – CVE-2015-0813 Mozilla: Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31)

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply