Explore top 10 tips to secure your open-source projects now. Read More
×Important: thunderbird security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2025:0281", "synopsis": "Important: thunderbird security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for thunderbird.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 (CVE-2025-0243)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 (CVE-2025-0242)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2336175", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2336175", "description": ""}, {"ticket": "2336181", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2336181", "description": ""}], "cves": [{"name": "CVE-2025-0242", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-0242", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2025-0243", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-0243", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2025-01-17T16:13:58.660055Z", "rpms": {"Rocky Linux 8": {"nvras": ["thunderbird-0:128.6.0-3.el8_10.aarch64.rpm", "thunderbird-0:128.6.0-3.el8_10.src.rpm", "thunderbird-0:128.6.0-3.el8_10.x86_64.rpm","thunderbird-debuginfo-0:128.6.0-3.el8_10.aarch64.rpm", "thunderbird-debuginfo-0:128.6.0-3.el8_10.x86_64.rpm", "thunderbird-debugsource-0:128.6.0-3.el8_10.aarch64.rpm", "thunderbird-debugsource-0:128.6.0-3.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux delivers an essential update for Firefox that tackles vulnerabilities related to memory handling to bolster system protection.. Rocky Linux Thunderbird Update, Security Fixes, Memory Safety Bugs, Software Update. . Severity: Important. LinuxSecurity.com Team
Important: thunderbird security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:10591", "synopsis": "Important: thunderbird security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for thunderbird.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)\n\n* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)\n\n* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)\n\n* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)\n\n* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)\n\n* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2325896", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2325896", "description": ""}, {"ticket": "2328941", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2328941", "description": ""}, {"ticket": "2328943", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2328943", "description": ""}, {"ticket": "2328946", "sourceBy": "Red Hat", "sourceLink":"https://bugzilla.redhat.com/show_bug.cgi?id=2328946", "description": ""}, {"ticket": "2328947", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2328947", "description": ""}, {"ticket": "2328948", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2328948", "description": ""}, {"ticket": "2328950", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2328950", "description": ""}], "cves": [{"name": "CVE-2024-11159", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-11159", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-11692", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-11692", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-11694", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-11694", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-11695", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-11695", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-11696", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-11696", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-11697", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-11697", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-11699", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-11699", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-12-19T04:18:05.672002Z", "rpms": {"Rocky Linux 8": {"nvras": ["thunderbird-0:128.5.0-1.el8_10.aarch64.rpm", "thunderbird-0:128.5.0-1.el8_10.src.rpm","thunderbird-0:128.5.0-1.el8_10.x86_64.rpm", "thunderbird-debuginfo-0:128.5.0-1.el8_10.aarch64.rpm", "thunderbird-debuginfo-0:128.5.0-1.el8_10.x86_64.rpm", "thunderbird-debugsource-0:128.5.0-1.el8_10.aarch64.rpm", "thunderbird-debugsource-0:128.5.0-1.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Boosting protection for Thunderbird on Rocky Linux 8; crucial upgrades are currently available for improved danger defense.. Thunderbird Security Update, Rocky Linux Thunderbird Fix, Mail Client Security, Important Security Advisory, Thunderbird Vulnerabilities. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-10591 http://linux.oracle.com/errata/ELSA-2024-10591.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: thunderbird-128.5.0-1.0.1.el8_10.x86_64.rpm aarch64: thunderbird-128.5.0-1.0.1.el8_10.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol8/SRPMS-updates//thunderbird-128.5.0-1.0.1.el8_10.src.rpm Related CVEs: CVE-2024-11159 CVE-2024-11692 CVE-2024-11694 CVE-2024-11695 CVE-2024-11696 CVE-2024-11697 CVE-2024-11699 Description of changes: [128.5.0-1.0.1] - Fix prefs for new nss [Orabug: 37079820] - Add Oracle prefs file [128.5.0] - Add OpenELA debranding [128.5.0-1] - Update to 128.5.0 build1 _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-9552 http://linux.oracle.com/errata/ELSA-2024-9552.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: thunderbird-128.4.0-1.0.1.el9_5.x86_64.rpm aarch64: thunderbird-128.4.0-1.0.1.el9_5.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//thunderbird-128.4.0-1.0.1.el9_5.src.rpm Related CVEs: CVE-2024-9680 CVE-2024-10458 CVE-2024-10459 CVE-2024-10460 CVE-2024-10461 CVE-2024-10462 CVE-2024-10463 CVE-2024-10464 CVE-2024-10465 CVE-2024-10466 CVE-2024-10467 Description of changes: [128.4.0-1.0.1] - Fix prefs for new nss [Orabug: 37079813] - Add Oracle prefs [128.4.0] - Add OpenELA debranding [128.4.0-1] - Update to 128.4.0 build1 _______________________________________________ El-errata mailing list
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2024-304-03) New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/mozilla-thunderbird-128.4.0esr-i686-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.thunderbird.net/en-US/thunderbird/128.4.0esr/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/ https://www.cve.org/CVERecord?id=CVE-2024-10458 https://www.cve.org/CVERecord?id=CVE-2024-10459 https://www.cve.org/CVERecord?id=CVE-2024-10460 https://www.cve.org/CVERecord?id=CVE-2024-10461 https://www.cve.org/CVERecord?id=CVE-2024-10462 https://www.cve.org/CVERecord?id=CVE-2024-10463 https://www.cve.org/CVERecord?id=CVE-2024-10464 https://www.cve.org/CVERecord?id=CVE-2024-10465 https://www.cve.org/CVERecord?id=CVE-2024-10466 https://www.cve.org/CVERecord?id=CVE-2024-10467 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-128.4.0esr-i686-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-128.4.0esr-x86_64-1_slack15.0.txz Updated package for Slackware-current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-128.4.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-128.4.0esr-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: 8202f1f4a0aa23bde158c8f1d8d15a63 mozilla-thunderbird-128.4.0esr-i686-1_slack15.0.txz Slackware x86_64 15.0 package: 389ffb2ecb9bca6b5c6207667e655eb0 mozilla-thunderbird-128.4.0esr-x86_64-1_slack15.0.txz Slackware -current package: d46ad813909083e0d31a5ee7f53f9356 xap/mozilla-thunderbird-128.4.0esr-i686-1.txz Slackware x86_64 -current package: 6d22276ef05d2e25e48d04088e2f4e98 xap/mozilla-thunderbird-128.4.0esr-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg mozilla-thunderbird-128.4.0esr-i686-1_slack15.0.txz +-----+ . Take action today by installing the latest mozilla-thunderbird updates for Slackware 15.0 to mitigate security vulnerabilities!. Mozilla Thunderbird Update, Slackware Security Advisory, Security Packages. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-4036 http://linux.oracle.com/errata/ELSA-2024-4036.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: thunderbird-115.12.1-1.0.1.el8_10.x86_64.rpm aarch64: thunderbird-115.12.1-1.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//thunderbird-115.12.1-1.0.1.el8_10.src.rpm Related CVEs: CVE-2024-5688 CVE-2024-5690 CVE-2024-5691 CVE-2024-5693 CVE-2024-5696 CVE-2024-5700 CVE-2024-5702 Description of changes: [115.12.1-1.0.1] - Add Oracle prefs file [115.12.1] - Add OpenELA debranding [115.12.1-1] - Update to 115.12.1 build1 [115.12.0-2] - Update to 115.12.0 build2 [115.12.0-1] - Update to 115.12.0 build1 _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-1498 https://linux.oracle.com/errata/ELSA-2024-1498.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: thunderbird-115.9.0-1.0.1.el7_9.x86_64.rpm SRPMS: https://oss.oracle.com:443/ol7/SRPMS-updates//thunderbird-115.9.0-1.0.1.el7_9.src.rpm Related CVEs: CVE-2023-5388 CVE-2024-0743 CVE-2024-1936 CVE-2024-2607 CVE-2024-2608 CVE-2024-2610 CVE-2024-2611 CVE-2024-2612 CVE-2024-2614 Description of changes: [115.9.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-7505 https://linux.oracle.com/errata/ELSA-2023-7505.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: thunderbird-115.5.0-1.0.1.el7_9.x86_64.rpm SRPMS: https://oss.oracle.com:443/ol7/SRPMS-updates//thunderbird-115.5.0-1.0.1.el7_9.src.rpm Related CVEs: CVE-2023-6204 CVE-2023-6205 CVE-2023-6206 CVE-2023-6207 CVE-2023-6208 CVE-2023-6209 CVE-2023-6212 Description of changes: [115.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.5.0-1] - Update to 115.5.0 build1 _______________________________________________ El-errata mailing list
Get the latest Linux and open source security news straight to your inbox.