An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2731, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)

It was found that Thunderbird skipped key-pinning checks when handling an error that could be overridden by the user (for example an expired certificate error). This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform. (CVE-2015-2741)

Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Herre, Ronald Crane, and David Keeler as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.8. You can find a link to the Mozilla advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.8, which corrects these issues.

After installing the update, Thunderbird must be restarted for the changes to take effect.

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

RHEL Optional Productivity Applications (v. 5 server)

SRPMS:
thunderbird-31.8.0-1.el5_11.src.rpm
 
IA-32:
thunderbird-31.8.0-1.el5_11.i386.rpm
thunderbird-debuginfo-31.8.0-1.el5_11.i386.rpm
 
x86_64:
thunderbird-31.8.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el5_11.x86_64.rpm
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
thunderbird-31.8.0-1.el5_11.src.rpm
 
IA-32:
thunderbird-31.8.0-1.el5_11.i386.rpm
thunderbird-debuginfo-31.8.0-1.el5_11.i386.rpm
 
x86_64:
thunderbird-31.8.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el5_11.x86_64.rpm
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
thunderbird-31.8.0-1.el6_6.src.rpm
 
IA-32:
thunderbird-31.8.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.i686.rpm
 
x86_64:
thunderbird-31.8.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.x86_64.rpm
 
Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
thunderbird-31.8.0-1.el7_1.src.rpm
 
x86_64:
thunderbird-31.8.0-1.el7_1.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el7_1.x86_64.rpm
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
thunderbird-31.8.0-1.el6_6.src.rpm
 
IA-32:
thunderbird-31.8.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.i686.rpm
 
PPC:
thunderbird-31.8.0-1.el6_6.ppc64.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.ppc64.rpm
 
s390x:
thunderbird-31.8.0-1.el6_6.s390x.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.s390x.rpm
 
x86_64:
thunderbird-31.8.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.x86_64.rpm
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
thunderbird-31.8.0-1.el7_1.src.rpm
 
x86_64:
thunderbird-31.8.0-1.el7_1.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el7_1.x86_64.rpm
 
Red Hat Enterprise Linux Server EUS (v. 6.6.z)

SRPMS:
thunderbird-31.8.0-1.el6_6.src.rpm
 
IA-32:
thunderbird-31.8.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.i686.rpm
 
PPC:
thunderbird-31.8.0-1.el6_6.ppc64.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.ppc64.rpm
 
s390x:
thunderbird-31.8.0-1.el6_6.s390x.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.s390x.rpm
 
x86_64:
thunderbird-31.8.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
thunderbird-31.8.0-1.el6_6.src.rpm
 
IA-32:
thunderbird-31.8.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.i686.rpm
 
x86_64:
thunderbird-31.8.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el6_6.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
thunderbird-31.8.0-1.el7_1.src.rpm
 
x86_64:
thunderbird-31.8.0-1.el7_1.x86_64.rpm
thunderbird-debuginfo-31.8.0-1.el7_1.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
1236947 – CVE-2015-2724 CVE-2015-2725 Mozilla: Miscellaneous memory safety hazards (rv:31.8 / rv:38.1) (MFSA 2015-59)
1236953 – CVE-2015-2731 Mozilla: Use-after-free in Content Policy due to microtask execution error (MFSA 2015-63)
1236956 – CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)
1236963 – CVE-2015-2741 Mozilla: Key pinning is ignored when overridable errors are encountered (MFSA 2015-67)

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
