Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 0.5%top 59%

Red Hat Security Advisory: thunderbird security update

0
High
Published: 10/16/2024 (10/16/2024, 06:41:43 UTC)
Source: GCVE Database
Vendor/Project: Red Hat Product Security
Product: Red Hat

Description

Multiple security vulnerabilities affecting Mozilla Thunderbird have been addressed in a Red Hat security update. These include denial of service via specially crafted WebTransport requests, memory safety bugs, potential directory upload bypass via clickjacking, external protocol handler enumeration, memory corruption issues, cross-origin access to PDF and JSON contents, and site isolation bypass by compromised content processes. The update applies to Thunderbird versions 128.3 and 131 as referenced in the advisory. Red Hat has released updated packages for Red Hat Enterprise Linux 8.8 Extended Update Support to remediate these issues.

Affected software

redhat/thunderbird
pkg:rpm/redhat/thunderbird
Affected versions
=128.3=128.3.1=131.1

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 06/28/2026, 22:36:53 UTC

Technical Analysis

This Red Hat security advisory addresses a set of vulnerabilities in Mozilla Thunderbird, including CVE-2024-9392 (site isolation bypass by compromised content process), CVE-2024-9393 and CVE-2024-9394 (cross-origin access to PDF and JSON contents), CVE-2024-9396 (memory corruption when cloning objects), CVE-2024-9397 (directory upload bypass via clickjacking), CVE-2024-9398 (external protocol handler enumeration), CVE-2024-9399 (denial of service via WebTransport requests), CVE-2024-9400 (memory corruption during JIT compilation), CVE-2024-9401, CVE-2024-9402, CVE-2024-9403 (multiple memory safety bugs), and CVE-2024-9680 (use-after-free in animation timeline). These vulnerabilities affect Thunderbird versions 128.3 and 131 and related Firefox versions. Red Hat has released patched Thunderbird packages (version 128.3.1) for Red Hat Enterprise Linux 8.8 Extended Update Support to address these issues.

Potential Impact

Successful exploitation of these vulnerabilities could lead to denial of service, memory corruption, bypass of security mechanisms such as site isolation, unauthorized cross-origin data access, clickjacking-based directory upload bypass, and enumeration of external protocol handlers. These impacts could compromise the confidentiality, integrity, and availability of the affected Thunderbird client. The advisory rates the overall security impact as Important (high severity).

Mitigation Recommendations

Red Hat has released updated Thunderbird packages (version 128.3.1) for Red Hat Enterprise Linux 8.8 Extended Update Support that address these vulnerabilities. Users should apply this security update promptly after ensuring all prior errata relevant to their system are applied. Detailed update instructions are available from Red Hat's official documentation. No additional mitigation steps are indicated beyond applying the official patch.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_security_advisory
Csaf Version
2.0
Publisher
Red Hat Product Security
Advisory Id
RHSA-2024:8166
Cve Count
12
Additional Cves
["CVE-2024-9393","CVE-2024-9394","CVE-2024-9396","CVE-2024-9397","CVE-2024-9398","CVE-2024-9399","CVE-2024-9400","CVE-2024-9401","CVE-2024-9402","CVE-2024-9403","CVE-2024-9680"]
Cvss Version
null

Threat ID: 6a419cbc27e9c79719abf45e

Added to database: 06/28/2026, 22:14:20 UTC

Last enriched: 06/28/2026, 22:36:53 UTC

Last updated: 07/02/2026, 21:17:17 UTC

Views: 18

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses