{"schema_version": "1.7.0", "id": "RLSA-2024:2888", "modified": "2024-06-14T14:02:43.745033Z", "published": "2024-06-14T14:00:40.182624Z", "upstream": ["CVE-2024-4367", "CVE-2024-4767", "CVE-2024-4768", "CVE-2024-4769", "CVE-2024-4770", "CVE-2024-4777"], "summary": "Important: thunderbird security update", "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 115.11.0.\n\nSecurity Fix(es):\n\n* firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367)\n\n* firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767)\n\n* firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768)\n\n* firefox: Cross-origin responses could be distinguished between script and\nnon-script content-types (CVE-2024-4769)\n\n* firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770)\n\n* firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and\nThunderbird 115.11 (CVE-2024-4777)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "affected": [{"package": {"ecosystem": "Rocky Linux:9", "name": "thunderbird", "purl": "pkg:rpm/rocky-linux/thunderbird?distro=rocky-linux-9&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:115.11.0-1.el9_4"}], "database_specific": {"yum_repository": "AppStream"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2024:2888"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280382"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280383"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280384"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280385"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280386"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280387"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}