{"schema_version": "1.3.1", "id": "RLSA-2024:1494", "modified": "2024-03-27T04:36:48.806576Z", "published": "2024-03-27T04:34:32.999941Z", "related": ["CVE-2023-5388", "CVE-2024-0743", "CVE-2024-1936", "CVE-2024-2607", "CVE-2024-2608", "CVE-2024-2610", "CVE-2024-2611", "CVE-2024-2612", "CVE-2024-2614"], "summary": "Moderate: thunderbird security update", "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 115.9.0.\n\nSecurity Fix(es):\n\n* nss: timing attack against RSA decryption (CVE-2023-5388)\n\n* Mozilla: Crash in NSS TLS method (CVE-2024-0743)\n\n* Mozilla: Leaking of encrypted email subjects to other conversations  (CVE-2024-1936)\n\n* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)\n\n* Mozilla: Integer overflow could have led to out of bounds write\n(CVE-2024-2608)\n\n* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage\n(CVE-2024-2610)\n\n* Mozilla: Clickjacking vulnerability could have led to a user accidentally\ngranting permissions (CVE-2024-2611)\n\n* Mozilla: Self referencing object could have potentially led to a\nuse-after-free (CVE-2024-2612)\n\n* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and\nThunderbird 115.9 (CVE-2024-2614)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "affected": [{"package": {"ecosystem": "Rocky Linux:8", "name": "thunderbird", "purl": "pkg:rpm/rocky-linux/thunderbird?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:115.9.0-1.el8_9"}], "database_specific": {"yum_repository": "AppStream"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2024:1494"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243644"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260012"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268171"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270660"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270661"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270663"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270664"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270665"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270666"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}