-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3390
                        thunderbird security update
                              14 October 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           thunderbird
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-38502 CVE-2021-38501 CVE-2021-38500
                   CVE-2021-38498 CVE-2021-38497 CVE-2021-38496
                   CVE-2021-32810  

Reference:         ESB-2021.3376
                   ESB-2021.3364
                   ESB-2021.3338
                   ESB-2021.3298
                   ESB-2021.3297

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:3841
   https://access.redhat.com/errata/RHSA-2021:3840
   https://access.redhat.com/errata/RHSA-2021:3839
   https://access.redhat.com/errata/RHSA-2021:3838

Comment: This bulletin contains four (4) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2021:3841-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3841
Issue date:        2021-10-13
CVE Names:         CVE-2021-32810 CVE-2021-38496 CVE-2021-38497 
                   CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 
                   CVE-2021-38502 
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.2.0.

Security Fix(es):

* Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

* Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and
Firefox ESR 91.2 (CVE-2021-38500)

* Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
(CVE-2021-38501)

* Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502)

* rust-crossbeam-deque: race condition may lead to double free
(CVE-2021-32810)

* Mozilla: Validation message could have been overlaid on another origin
(CVE-2021-38497)

* Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1990342 - CVE-2021-32810 rust-crossbeam-deque: race condition may lead to double free
2011097 - CVE-2021-38496 Mozilla: Use-after-free in MessageTask
2011098 - CVE-2021-38497 Mozilla: Validation message could have been overlaid on another origin
2011099 - CVE-2021-38498 Mozilla: Use-after-free of nsLanguageAtomService object
2011100 - CVE-2021-38500 Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
2011101 - CVE-2021-38501 Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
2013469 - CVE-2021-38502 Mozilla: Downgrade attack on SMTP STARTTLS connections

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-91.2.0-1.el7_9.src.rpm

x86_64:
thunderbird-91.2.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-91.2.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-91.2.0-1.el7_9.src.rpm

ppc64le:
thunderbird-91.2.0-1.el7_9.ppc64le.rpm
thunderbird-debuginfo-91.2.0-1.el7_9.ppc64le.rpm

x86_64:
thunderbird-91.2.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-91.2.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-91.2.0-1.el7_9.src.rpm

x86_64:
thunderbird-91.2.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-91.2.0-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-32810
https://access.redhat.com/security/cve/CVE-2021-38496
https://access.redhat.com/security/cve/CVE-2021-38497
https://access.redhat.com/security/cve/CVE-2021-38498
https://access.redhat.com/security/cve/CVE-2021-38500
https://access.redhat.com/security/cve/CVE-2021-38501
https://access.redhat.com/security/cve/CVE-2021-38502
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYWatu9zjgjWX9erEAQjE8g//dWbkW/wXFUkhsnaB6rSDDJv5TClFDP3g
QDgNw0NyFhLR+BUkvuU72dfsYutpOgF8ziXax6z0wdS591XdohdKVV0T5GmUgzzs
AK34DkZHMSwsNNSEHz41uwF9C/3dQaCvzPWPx8nJXaQytfHadiwTzZAZWBBuJaM2
ygXu0L6MU5qVBx2nqgP1sF/ZIe8Q1RTfkaL4EjRcsws3AqGMFvk4mAmRV3LzNbEv
aFZPega3tpeRmVRbF7V3Pm69f+at6ucgatKjISXX6xKNi/U2KEpYCYIvwo0j2tQ8
77RrOzgng+j0ocJwgsZeBmUXGzGloqPHJcGDfMHv+BrmKm7qjpwMbFVXSY5CnYPA
gbtT0MjOw22JP8aiKZPisfWHzZV9P8TL+3A7zGbYHyfm9GBJjr5z/vCjRNW1NQjw
lRUbQEVIiSNGDYnZ1J3p6vhFjnks2kyuX/w+n9qo8dDXg8lonwGmj0B/uXyJ8AJW
wYQBmDIm0eZiyyAPR6HpmEK3C/ybNgudGbB4PkH76V8/uSl/i6XLKm9GRB2IbtG5
77/K62qaMOsghc1JlXwsbM7HKwVP7UPRwQktjRq2dYIOvNPaddkrIl/5nlByc8OF
tvh3lLdHpQ/7Vgajgo3/zCUQKX0VNDvI4bpR91QUZUYgjvZErMvBL5xXlp5OdEig
DwFrNFgSylE=
=nvXp
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2021:3840-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3840
Issue date:        2021-10-13
CVE Names:         CVE-2021-32810 CVE-2021-38496 CVE-2021-38497 
                   CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 
                   CVE-2021-38502 
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.2.0.

Security Fix(es):

* Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

* Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and
Firefox ESR 91.2 (CVE-2021-38500)

* Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
(CVE-2021-38501)

* Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502)

* rust-crossbeam-deque: race condition may lead to double free
(CVE-2021-32810)

* Mozilla: Validation message could have been overlaid on another origin
(CVE-2021-38497)

* Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1990342 - CVE-2021-32810 rust-crossbeam-deque: race condition may lead to double free
2011097 - CVE-2021-38496 Mozilla: Use-after-free in MessageTask
2011098 - CVE-2021-38497 Mozilla: Validation message could have been overlaid on another origin
2011099 - CVE-2021-38498 Mozilla: Use-after-free of nsLanguageAtomService object
2011100 - CVE-2021-38500 Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
2011101 - CVE-2021-38501 Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
2013469 - CVE-2021-38502 Mozilla: Downgrade attack on SMTP STARTTLS connections

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
thunderbird-91.2.0-1.el8_1.src.rpm

ppc64le:
thunderbird-91.2.0-1.el8_1.ppc64le.rpm
thunderbird-debuginfo-91.2.0-1.el8_1.ppc64le.rpm
thunderbird-debugsource-91.2.0-1.el8_1.ppc64le.rpm

x86_64:
thunderbird-91.2.0-1.el8_1.x86_64.rpm
thunderbird-debuginfo-91.2.0-1.el8_1.x86_64.rpm
thunderbird-debugsource-91.2.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-32810
https://access.redhat.com/security/cve/CVE-2021-38496
https://access.redhat.com/security/cve/CVE-2021-38497
https://access.redhat.com/security/cve/CVE-2021-38498
https://access.redhat.com/security/cve/CVE-2021-38500
https://access.redhat.com/security/cve/CVE-2021-38501
https://access.redhat.com/security/cve/CVE-2021-38502
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYWam9tzjgjWX9erEAQgF6BAAqDJ8d18sSf4Y8ZT/OWODznBIiEWm6W6i
ohn4aCh5u2lSluN4aMApw54s1d8jbcSgKgWMRHZA+ClVVuvJ5XgAhs89IJMzSIUv
1HXmneS8zt9ZGd0qyddujV3QX89OprLbiP8SB1JqXFpXA/D0mcUWMRfAYUbSI7jp
WJjK+LG6syTZBBs0HiLd850MqAAggb4y/kkCWtRlT6gT15bownjrO0hCLxbFoTpR
Z78ZPy47+jvMbAxnzNtCjpV6uOdVLjiH/NpLTnjN7UfE1l61TVzgyNXoxIeXB+3d
nB+6tN9JCm0nwu091hpMn2ZNMO1Ui6lsB6YS8pYEQkCn1R+lrXR3/0lQ3vii4zRs
lkM/um9sVCwxMP/7h7GQLh8D6qprKiqZMN/tWoM4B7y6kVc9tFbESLhd13BCfDfa
2hTvB4mfDnIhz0wOdJA1VTnmuieXOBVRae8tLnuoG/5A5xaqoApfkYQmFJxYwJ42
xWoaZHuYb5lwxukOVsmVRhDyHfUF01xXJjMUqn2p4wzF6iz/0p+fWbNSqtevhtBH
cI8492voeHUoyQVSUNqaa21BmN8jtzL0fkgDn7YPiol/xGAZFmD2fNgTVm5cLrfQ
y26+s3EYvBYrniSWAG9XROsTqrzE9Ngh1wgfW+K//dvAiQ8vdEg65CwRvlDaDC6d
DOckdPLQXLE=
=qTTz
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2021:3839-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3839
Issue date:        2021-10-13
CVE Names:         CVE-2021-32810 CVE-2021-38496 CVE-2021-38497 
                   CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 
                   CVE-2021-38502 
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.2.0.

Security Fix(es):

* Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

* Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and
Firefox ESR 91.2 (CVE-2021-38500)

* Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
(CVE-2021-38501)

* Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502)

* rust-crossbeam-deque: race condition may lead to double free
(CVE-2021-32810)

* Mozilla: Validation message could have been overlaid on another origin
(CVE-2021-38497)

* Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1990342 - CVE-2021-32810 rust-crossbeam-deque: race condition may lead to double free
2011097 - CVE-2021-38496 Mozilla: Use-after-free in MessageTask
2011098 - CVE-2021-38497 Mozilla: Validation message could have been overlaid on another origin
2011099 - CVE-2021-38498 Mozilla: Use-after-free of nsLanguageAtomService object
2011100 - CVE-2021-38500 Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
2011101 - CVE-2021-38501 Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
2013469 - CVE-2021-38502 Mozilla: Downgrade attack on SMTP STARTTLS connections

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
thunderbird-91.2.0-1.el8_2.src.rpm

aarch64:
thunderbird-91.2.0-1.el8_2.aarch64.rpm
thunderbird-debuginfo-91.2.0-1.el8_2.aarch64.rpm
thunderbird-debugsource-91.2.0-1.el8_2.aarch64.rpm

ppc64le:
thunderbird-91.2.0-1.el8_2.ppc64le.rpm
thunderbird-debuginfo-91.2.0-1.el8_2.ppc64le.rpm
thunderbird-debugsource-91.2.0-1.el8_2.ppc64le.rpm

x86_64:
thunderbird-91.2.0-1.el8_2.x86_64.rpm
thunderbird-debuginfo-91.2.0-1.el8_2.x86_64.rpm
thunderbird-debugsource-91.2.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-32810
https://access.redhat.com/security/cve/CVE-2021-38496
https://access.redhat.com/security/cve/CVE-2021-38497
https://access.redhat.com/security/cve/CVE-2021-38498
https://access.redhat.com/security/cve/CVE-2021-38500
https://access.redhat.com/security/cve/CVE-2021-38501
https://access.redhat.com/security/cve/CVE-2021-38502
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYWam6NzjgjWX9erEAQhP7RAAl+2nhF5jf49AWDmtjdlFUataUsgxlclU
x4UAyTvrWb5e7GQ+gzGlaYNRBrz+lbEo7Ei2TkbAZ+uB4sa7gZfONxSyI6kw4cHA
QTBC3KD08JBPH+1YDN9pQ64MzTM6D55rIvXPR3jnQiVn1kb/G4w3ygjixlqV8JYd
yEX8JlfxHJh8m2V1rPPd5T+5dPRRE+8IMSxKW9tMuBgAB7wUkJYErzA/Q4lKMVzb
yXKG1Bu3DheZaCxpcBUFGfyJuCsj2Ehu2rC/pIzBFJHxPOxvTSVQCKoTjb4AVplb
YSU7d+r1U0j4iqZjssSDoVHL6qTDGTqKmYIgQ5YaUdkpaWv4FhL4mPiOqcntb1uQ
JOpJcti8C5kPU08xi70CGLGd/Djb5oKZN38RNbVyjHh97aEHf+sc3xBiykfbYkRE
UZZ+sMRnimeuUqGv0YW7KwSEF7K77f4r2YaQuzUvFoekfuOAgdYLbGohKMB/0Fio
HCFAgB3qGf0xRUafOE29HGoHgXiDdufVQwiu52A21KG20IcyuNWVS34tft486Qrj
Gx9RGSZJ3r30MY/uQFdu5u/ZiQrwHQuK9DTTOHO4DZ8qxWn1ZnW5Z8UvArhWde3Q
89V7vBkPMlqUNNXvoyd4S5tW53X5uwlVdVVE2f5e86zJjaoPtc8xGL2yeEtrMzzT
2CuqEsGV68s=
=S3K2
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2021:3838-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3838
Issue date:        2021-10-13
CVE Names:         CVE-2021-32810 CVE-2021-38496 CVE-2021-38497 
                   CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 
                   CVE-2021-38502 
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.2.0.

Security Fix(es):

* Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

* Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and
Firefox ESR 91.2 (CVE-2021-38500)

* Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
(CVE-2021-38501)

* Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502)

* rust-crossbeam-deque: race condition may lead to double free
(CVE-2021-32810)

* Mozilla: Validation message could have been overlaid on another origin
(CVE-2021-38497)

* Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1990342 - CVE-2021-32810 rust-crossbeam-deque: race condition may lead to double free
2011097 - CVE-2021-38496 Mozilla: Use-after-free in MessageTask
2011098 - CVE-2021-38497 Mozilla: Validation message could have been overlaid on another origin
2011099 - CVE-2021-38498 Mozilla: Use-after-free of nsLanguageAtomService object
2011100 - CVE-2021-38500 Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
2011101 - CVE-2021-38501 Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
2013469 - CVE-2021-38502 Mozilla: Downgrade attack on SMTP STARTTLS connections

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
thunderbird-91.2.0-1.el8_4.src.rpm

aarch64:
thunderbird-91.2.0-1.el8_4.aarch64.rpm
thunderbird-debuginfo-91.2.0-1.el8_4.aarch64.rpm
thunderbird-debugsource-91.2.0-1.el8_4.aarch64.rpm

ppc64le:
thunderbird-91.2.0-1.el8_4.ppc64le.rpm
thunderbird-debuginfo-91.2.0-1.el8_4.ppc64le.rpm
thunderbird-debugsource-91.2.0-1.el8_4.ppc64le.rpm

s390x:
thunderbird-91.2.0-1.el8_4.s390x.rpm
thunderbird-debuginfo-91.2.0-1.el8_4.s390x.rpm
thunderbird-debugsource-91.2.0-1.el8_4.s390x.rpm

x86_64:
thunderbird-91.2.0-1.el8_4.x86_64.rpm
thunderbird-debuginfo-91.2.0-1.el8_4.x86_64.rpm
thunderbird-debugsource-91.2.0-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-32810
https://access.redhat.com/security/cve/CVE-2021-38496
https://access.redhat.com/security/cve/CVE-2021-38497
https://access.redhat.com/security/cve/CVE-2021-38498
https://access.redhat.com/security/cve/CVE-2021-38500
https://access.redhat.com/security/cve/CVE-2021-38501
https://access.redhat.com/security/cve/CVE-2021-38502
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYWank9zjgjWX9erEAQjC1BAAgimxjq1dn216oSAC+ccBTX6XbQ/z9WW3
7moPWhe3CR55MrQhyo0TXz/98l26iGzjj+61FrhTuP2ZtZJYUMOHez+sAFaQVjzr
DIdOV8UhDAk3Ym8hbMgAGKViDuBS/y9gYxSzsLUxJlMBg+UsQWH+aX71zkij58IK
HFN/NWCIFH6A2LkPaGSwkFkQ95PNH00TrzmHMCukH8iTw+AVbleh93skJFfIZjKW
OOq8G7Ek/whqUwyHxzuf+WgNHgWnW3N7zpgMdujvBfA4jYqJb+4VZgNfmGAEFJiP
Q8E7jcxiL4/LQjjNHdSCeikdPvesMEodUf04g802anamPrZrgJhR89jBl+sDS/Ry
vwKkkgNTev1Ko6OyZnZXq8xiDN1QhFNfjWgwminbDc6mw8FAOGDM2s+N/myBkNP/
KCi4MO81x73Df1eBTw0/vMPvTtBxBelyPPvc7FXBbDSq/mu767QGnfcp7k6E2TaD
HV/A4/1+YfHzeKGoCr09gnmWL2qiK6HJHaFpQ14g+CKRIEcVGp+gRYCJ0IDWIy3X
2t5PcDQLGN9DGRoVb8ljx9blBRRr5sNx4OyCCzkAjURHDyyFph9aRPkW+dJWoNBl
4IYMX0vqbHAhuGnjcucnlvn555dL2HH7Pxq5o18sWGjFyg0fnQeJC7puvwB6MCD8
wTcx4nlU+zA=
=Z0OO
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYWdlHuNLKJtyKPYoAQiKihAAn8Way5r9y/FilfsrTqhC/G7I08Uvol9w
rNn4rmRpmNqrs0sgBemLSHfO+lqBd1SwCbERALol3N0NGdn6lDeiYbT9WaZ+KZ2p
xF2C+hFl8YqICRUG2sFeYSSm4QIoHR7z3D7fz9nm4rgzHQ7wZn1aWW9eTmNDUVpU
WM2tQ5eBVOX1B+HXIthPkyJZ6cgcA79tk/sb08VhxqiQNGjaUzL2GbHc546Z55sE
mfug+8S6T8wgX8izS7GBhz+wxNyBwtl/SeDFTRnQHLdaeTsF6dmn52gSoudyGlnB
2ex+5njeRySltgEFWOWcw1jyT0o5pYo69fp6I45JcdMH7ywqCmMUsy/PGPWsVcnW
T3U4h+M3MYcjWl+t+cpfByz8ky0AR3N+JYUwqvBtwJsUfU0k1uC7KHkGV/Vmq7Rn
4PtFfQS4KBl0MKDJuBO5D01SQIk9Ec0IL3nR3eF4KVi5/WWLl/+LKmdtaE5nUOnA
t+36GZESmckh1uhI9OsWbU33iZGEhD/SC81hEbVNj0o+P31xafaVcb3+BnY2G+Bv
B9YjY133yb1U2aPJvl2Wb9uj9OBMhBBIaFPlQugRrydN5Vbru75/YcBrXUXkMstf
Ak3fgIfDE0ZqV3je1EyWST29OqXnq/Nncr7WeX+PH79x3cErV2siP+t2spn+SPkG
FHvdJ6b00ro=
=9uqy
-----END PGP SIGNATURE-----