The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1843782 | Issue Tracking Permissions Required |
https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202401-10 | Third Party Advisory |
https://www.debian.org/security/2023/dsa-5581 | Third Party Advisory |
https://www.debian.org/security/2023/dsa-5582 | Third Party Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-54/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-55/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-56/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
02 Feb 2024, 02:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html - Mailing List, Third Party Advisory | |
References | () https://security.gentoo.org/glsa/202401-10 - Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
07 Jan 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Dec 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Dec 2023, 11:10
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
|
First Time |
Mozilla thunderbird
Debian Mozilla firefox Esr Mozilla firefox Mozilla Debian debian Linux |
|
CWE | CWE-787 | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=1843782 - Issue Tracking, Permissions Required | |
References | () https://www.debian.org/security/2023/dsa-5581 - Third Party Advisory | |
References | () https://www.debian.org/security/2023/dsa-5582 - Third Party Advisory | |
References | () https://www.mozilla.org/security/advisories/mfsa2023-54/ - Vendor Advisory | |
References | () https://www.mozilla.org/security/advisories/mfsa2023-55/ - Vendor Advisory | |
References | () https://www.mozilla.org/security/advisories/mfsa2023-56/ - Vendor Advisory |
22 Dec 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Dec 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
19 Dec 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-19 14:15
Updated : 2024-02-02 02:31
NVD link : CVE-2023-6856
Mitre link : CVE-2023-6856
CVE.ORG link : CVE-2023-6856
JSON object : View
Products Affected
mozilla
- thunderbird
- firefox
- firefox_esr
debian
- debian_linux
CWE
CWE-787
Out-of-bounds Write