thunderbird-128.3.1-1.el8_10.ML.1

エラータID: AXSA:2024-8910:25

Release date: 
Thursday, October 17, 2024 - 18:14
Subject: 
thunderbird-128.3.1-1.el8_10.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill) (CVE-2024-9680)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-9680
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

Solution: 

Update packages.

CVEs: 
CVE-2024-9680
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-128.3.1-1.el8_10.ML.1.src.rpm
    MD5: dfeacacdd976cef3d99265309bdc9076
    SHA-256: 9886b2754b8cf5f1874ccd3570c674a428209cd4ab3a30706f8ab95bd6df0b5e
    Size: 851.20 MB

Asianux Server 8 for x86_64
  1. thunderbird-128.3.1-1.el8_10.ML.1.x86_64.rpm
    MD5: 8f387e7948338d7b1507d0352636fa1d
    SHA-256: 973de8efc03c34f6bf25f9d61243809556c354a667da2d45e7487f4a1c70c82f
    Size: 120.15 MB