An updated thunderbird package that fixes multiple security issues is nowavailable for Red Hat Enterprise Linux 5, 6, and 7.Red Hat Product Security has rated this update as having Important securityimpact. Common Vulnerability Scoring System (CVSS) base scores, which givedetailed severity ratings, are available for each vulnerability from theCVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.Several flaws were found in the processing of malformed web content. A webpage containing malicious content could cause Thunderbird to crash or,potentially, execute arbitrary code with the privileges of the user runningThunderbird. (CVE-2015-2708, CVE-2015-2710, CVE-2015-2713)A heap-based buffer overflow flaw was found in the way Thunderbirdprocessed compressed XML data. An attacker could create specially craftedcompressed XML content that, when processed by Thunderbird, could cause itto crash or execute arbitrary code with the privileges of the user runningThunderbird. (CVE-2015-2716)Note: All of the above issues cannot be exploited by a specially craftedHTML mail message as JavaScript is disabled by default for mail messages.They could be exploited another way in Thunderbird, for example, whenviewing the full remote content of an RSS feed.Red Hat would like to thank the Mozilla project for reporting these issues.Upstream acknowledges Jesse Ruderman, Mats Palmgren, Byron Campen, SteveFink, Atte Kettunen, Scott Bell, and Ucha Gobejishvili as the originalreporters of these issues.For technical details regarding these flaws, refer to the Mozilla securityadvisories for Thunderbird 31.7. You can find a link to the Mozillaadvisories in the References section of this erratum.All Thunderbird users should upgrade to this updated package, whichcontains Thunderbird version 31.7, which corrects these issues.After installing the update, Thunderbird must be restarted for the changesto take effect.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258RHEL Optional Productivity Applications (v. 5 server)

SRPMS:
thunderbird-31.7.0-1.el5_11.src.rpm
    MD5: 231b585788c82f81ef39196d0b59e6bbSHA-256: 27c5e50998775b99bae98712cfe996d45dc9fe8c3c0ae3edd2788d2a7c6094d9
 
IA-32:
thunderbird-31.7.0-1.el5_11.i386.rpm
    MD5: 855194b3634b9c5febeec777b790be78SHA-256: b31b44a4aa6aa029dd1fe7fa873f74ac4b86233e39fd2b5b7d194e33360c2a8b
thunderbird-debuginfo-31.7.0-1.el5_11.i386.rpm
    MD5: 7def2e0ac613baa9426864514310fac3SHA-256: 446b9cb0b3d97dbfa38f4f5990dc201ae146395b0d72b913ae29a972c756d8aa
 
x86_64:
thunderbird-31.7.0-1.el5_11.x86_64.rpm
    MD5: db139e34b2d4648067e719d4bc27f3a8SHA-256: f1cbe5ea36489f71e878cb8740ae845b7942b123180d7adff1a22cbbd1c12b15
thunderbird-debuginfo-31.7.0-1.el5_11.x86_64.rpm
    MD5: 1aa69205c85b6fca33edd9174cc01220SHA-256: 47a796e258798228df10ff06b2deda58178469d1d4472226c3335936574d5467
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
thunderbird-31.7.0-1.el5_11.src.rpm
    MD5: 231b585788c82f81ef39196d0b59e6bbSHA-256: 27c5e50998775b99bae98712cfe996d45dc9fe8c3c0ae3edd2788d2a7c6094d9
 
IA-32:
thunderbird-31.7.0-1.el5_11.i386.rpm
    MD5: 855194b3634b9c5febeec777b790be78SHA-256: b31b44a4aa6aa029dd1fe7fa873f74ac4b86233e39fd2b5b7d194e33360c2a8b
thunderbird-debuginfo-31.7.0-1.el5_11.i386.rpm
    MD5: 7def2e0ac613baa9426864514310fac3SHA-256: 446b9cb0b3d97dbfa38f4f5990dc201ae146395b0d72b913ae29a972c756d8aa
 
x86_64:
thunderbird-31.7.0-1.el5_11.x86_64.rpm
    MD5: db139e34b2d4648067e719d4bc27f3a8SHA-256: f1cbe5ea36489f71e878cb8740ae845b7942b123180d7adff1a22cbbd1c12b15
thunderbird-debuginfo-31.7.0-1.el5_11.x86_64.rpm
    MD5: 1aa69205c85b6fca33edd9174cc01220SHA-256: 47a796e258798228df10ff06b2deda58178469d1d4472226c3335936574d5467
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
thunderbird-31.7.0-1.el6_6.src.rpm
    MD5: 24eef5f68033ec8cd21ee369b073d71fSHA-256: 7fb973a59094ffdd1e56e869077f6f8187ff0a3db966a604e8a574ce0e8e44d7
 
IA-32:
thunderbird-31.7.0-1.el6_6.i686.rpm
    MD5: 83503265c37e25059d5cc241fefe6f39SHA-256: 38474b74c64ca32e0c6d533d0ec1715c89d9fae19808005388b4f3d9dfe40336
thunderbird-debuginfo-31.7.0-1.el6_6.i686.rpm
    MD5: b57246819d844039f40aecbbc3d715faSHA-256: b62cafcb96409b225e0153e63932e7942fb406da2fce81effad2479d1650705a
 
x86_64:
thunderbird-31.7.0-1.el6_6.x86_64.rpm
    MD5: b888371de1393ddc585f47d408aa5791SHA-256: 6ee98da53b1ead95aa200553c04a91976356f56418d1c38365f664d704b1367f
thunderbird-debuginfo-31.7.0-1.el6_6.x86_64.rpm
    MD5: 8be2134010a0f5da20165eedf2e8e75aSHA-256: 9c3fc71d37914449c17f772213e6798269994a579eaa524d7f5f62352a74f64d
 
Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
thunderbird-31.7.0-1.el7_1.src.rpm
    MD5: 150b851f7c9d4db61799732b4eb11458SHA-256: c1f2ca87d4b891aa1f4c15ae5fcae0549d9cdd6ce5e2867ad47495f80920736f
 
x86_64:
thunderbird-31.7.0-1.el7_1.x86_64.rpm
    MD5: 173d70fa2ca15765dcee978dba5e0a51SHA-256: b85be8076d72022cb7f14d3afcec3b48f1acf169f56e8d8504437be0862f7edc
thunderbird-debuginfo-31.7.0-1.el7_1.x86_64.rpm
    MD5: e8691cfb130bcc4614380af775413320SHA-256: 61a252d0a88b5ea108aca34acd5a25b5050ecde2319a590a27ef5cf1c3159a0a
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
thunderbird-31.7.0-1.el6_6.src.rpm
    MD5: 24eef5f68033ec8cd21ee369b073d71fSHA-256: 7fb973a59094ffdd1e56e869077f6f8187ff0a3db966a604e8a574ce0e8e44d7
 
IA-32:
thunderbird-31.7.0-1.el6_6.i686.rpm
    MD5: 83503265c37e25059d5cc241fefe6f39SHA-256: 38474b74c64ca32e0c6d533d0ec1715c89d9fae19808005388b4f3d9dfe40336
thunderbird-debuginfo-31.7.0-1.el6_6.i686.rpm
    MD5: b57246819d844039f40aecbbc3d715faSHA-256: b62cafcb96409b225e0153e63932e7942fb406da2fce81effad2479d1650705a
 
PPC:
thunderbird-31.7.0-1.el6_6.ppc64.rpm
    MD5: 4cb6fad8ed22c18fd8f80fd189e65a78SHA-256: 31e8a9104d0a69a6a75e364688638cc6fd23dc8b5a21fa47aa33ff6521919a7a
thunderbird-debuginfo-31.7.0-1.el6_6.ppc64.rpm
    MD5: 906873fa85d62cac85dd4df2b9a4b903SHA-256: 7fb2bb3d6fdfd173f18a891b7b0a3005f4cb64c9936a1a7748774ac82f3553fa
 
s390x:
thunderbird-31.7.0-1.el6_6.s390x.rpm
    MD5: 320ac4ed5434cc24f7ab2aa2e9015e42SHA-256: f7584b2b802a55cff695edfcece9b44bd41d651fcde9076bccf4f2e3bb2df34b
thunderbird-debuginfo-31.7.0-1.el6_6.s390x.rpm
    MD5: d254d5e5a674ad96a1d2073967ac6a0dSHA-256: cfa0bb8af81eaecab5b9210c24e069ae5d1ec1cd62bd142c25bc223e9e34c2ec
 
x86_64:
thunderbird-31.7.0-1.el6_6.x86_64.rpm
    MD5: b888371de1393ddc585f47d408aa5791SHA-256: 6ee98da53b1ead95aa200553c04a91976356f56418d1c38365f664d704b1367f
thunderbird-debuginfo-31.7.0-1.el6_6.x86_64.rpm
    MD5: 8be2134010a0f5da20165eedf2e8e75aSHA-256: 9c3fc71d37914449c17f772213e6798269994a579eaa524d7f5f62352a74f64d
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
thunderbird-31.7.0-1.el7_1.src.rpm
    MD5: 150b851f7c9d4db61799732b4eb11458SHA-256: c1f2ca87d4b891aa1f4c15ae5fcae0549d9cdd6ce5e2867ad47495f80920736f
 
x86_64:
thunderbird-31.7.0-1.el7_1.x86_64.rpm
    MD5: 173d70fa2ca15765dcee978dba5e0a51SHA-256: b85be8076d72022cb7f14d3afcec3b48f1acf169f56e8d8504437be0862f7edc
thunderbird-debuginfo-31.7.0-1.el7_1.x86_64.rpm
    MD5: e8691cfb130bcc4614380af775413320SHA-256: 61a252d0a88b5ea108aca34acd5a25b5050ecde2319a590a27ef5cf1c3159a0a
 
Red Hat Enterprise Linux Server EUS (v. 6.6.z)

SRPMS:
thunderbird-31.7.0-1.el6_6.src.rpm
    MD5: 24eef5f68033ec8cd21ee369b073d71fSHA-256: 7fb973a59094ffdd1e56e869077f6f8187ff0a3db966a604e8a574ce0e8e44d7
 
IA-32:
thunderbird-31.7.0-1.el6_6.i686.rpm
    MD5: 83503265c37e25059d5cc241fefe6f39SHA-256: 38474b74c64ca32e0c6d533d0ec1715c89d9fae19808005388b4f3d9dfe40336
thunderbird-debuginfo-31.7.0-1.el6_6.i686.rpm
    MD5: b57246819d844039f40aecbbc3d715faSHA-256: b62cafcb96409b225e0153e63932e7942fb406da2fce81effad2479d1650705a
 
PPC:
thunderbird-31.7.0-1.el6_6.ppc64.rpm
    MD5: 4cb6fad8ed22c18fd8f80fd189e65a78SHA-256: 31e8a9104d0a69a6a75e364688638cc6fd23dc8b5a21fa47aa33ff6521919a7a
thunderbird-debuginfo-31.7.0-1.el6_6.ppc64.rpm
    MD5: 906873fa85d62cac85dd4df2b9a4b903SHA-256: 7fb2bb3d6fdfd173f18a891b7b0a3005f4cb64c9936a1a7748774ac82f3553fa
 
s390x:
thunderbird-31.7.0-1.el6_6.s390x.rpm
    MD5: 320ac4ed5434cc24f7ab2aa2e9015e42SHA-256: f7584b2b802a55cff695edfcece9b44bd41d651fcde9076bccf4f2e3bb2df34b
thunderbird-debuginfo-31.7.0-1.el6_6.s390x.rpm
    MD5: d254d5e5a674ad96a1d2073967ac6a0dSHA-256: cfa0bb8af81eaecab5b9210c24e069ae5d1ec1cd62bd142c25bc223e9e34c2ec
 
x86_64:
thunderbird-31.7.0-1.el6_6.x86_64.rpm
    MD5: b888371de1393ddc585f47d408aa5791SHA-256: 6ee98da53b1ead95aa200553c04a91976356f56418d1c38365f664d704b1367f
thunderbird-debuginfo-31.7.0-1.el6_6.x86_64.rpm
    MD5: 8be2134010a0f5da20165eedf2e8e75aSHA-256: 9c3fc71d37914449c17f772213e6798269994a579eaa524d7f5f62352a74f64d
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
thunderbird-31.7.0-1.el6_6.src.rpm
    MD5: 24eef5f68033ec8cd21ee369b073d71fSHA-256: 7fb973a59094ffdd1e56e869077f6f8187ff0a3db966a604e8a574ce0e8e44d7
 
IA-32:
thunderbird-31.7.0-1.el6_6.i686.rpm
    MD5: 83503265c37e25059d5cc241fefe6f39SHA-256: 38474b74c64ca32e0c6d533d0ec1715c89d9fae19808005388b4f3d9dfe40336
thunderbird-debuginfo-31.7.0-1.el6_6.i686.rpm
    MD5: b57246819d844039f40aecbbc3d715faSHA-256: b62cafcb96409b225e0153e63932e7942fb406da2fce81effad2479d1650705a
 
x86_64:
thunderbird-31.7.0-1.el6_6.x86_64.rpm
    MD5: b888371de1393ddc585f47d408aa5791SHA-256: 6ee98da53b1ead95aa200553c04a91976356f56418d1c38365f664d704b1367f
thunderbird-debuginfo-31.7.0-1.el6_6.x86_64.rpm
    MD5: 8be2134010a0f5da20165eedf2e8e75aSHA-256: 9c3fc71d37914449c17f772213e6798269994a579eaa524d7f5f62352a74f64d
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
thunderbird-31.7.0-1.el7_1.src.rpm
    MD5: 150b851f7c9d4db61799732b4eb11458SHA-256: c1f2ca87d4b891aa1f4c15ae5fcae0549d9cdd6ce5e2867ad47495f80920736f
 
x86_64:
thunderbird-31.7.0-1.el7_1.x86_64.rpm
    MD5: 173d70fa2ca15765dcee978dba5e0a51SHA-256: b85be8076d72022cb7f14d3afcec3b48f1acf169f56e8d8504437be0862f7edc
thunderbird-debuginfo-31.7.0-1.el7_1.x86_64.rpm
    MD5: e8691cfb130bcc4614380af775413320SHA-256: 61a252d0a88b5ea108aca34acd5a25b5050ecde2319a590a27ef5cf1c3159a0a
 
(The unlinked packages above are only available from the Red Hat Network)
1220597 – CVE-2015-2708 Mozilla: Miscellaneous memory safety hazards (rv:31.7) (MFSA 2015-46)1220601 – CVE-2015-2710 Mozilla: Buffer overflow with SVG content and CSS (MFSA 2015-48)1220605 – CVE-2015-2713 Mozilla: Use-after-free during text processing with vertical text enabled (MFSA 2015-51)1220607 – CVE-2015-2716 Mozilla: Buffer overflow when parsing compressed XML (MFSA 2015-54)

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply