Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-6856

Опубликовано: 19 дек. 2023
Источник: debian

Описание

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed121.0-1package
firefox-esrfixed115.6.0esr-1package
thunderbirdfixed1:115.6.0-1package

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6856

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6856

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6856

Связанные уязвимости

ubuntu логотип

CVE-2023-6856

CVSS3: 8.8
ubuntu
около 2 лет назад

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

redhat логотип

CVE-2023-6856

CVSS3: 8.8
redhat
около 2 лет назад

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

nvd логотип

CVE-2023-6856

CVSS3: 8.8
nvd
около 2 лет назад

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

msrc логотип

CVE-2023-6856

msrc
5 месяцев назад

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

github логотип

GHSA-9846-hqmr-2486

CVSS3: 8.8
github
около 2 лет назад

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.