CVE: CVE-2023-6856

Descrizione: The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Vettore di attacco

Riferimenti esterni

• https://bugzilla.mozilla.org/show_bug.cgi?id=1843782
• https://www.mozilla.org/security/advisories/mfsa2023-54/
• https://www.mozilla.org/security/advisories/mfsa2023-55/
• https://www.mozilla.org/security/advisories/mfsa2023-56/
• https://www.debian.org/security/2023/dsa-5581
• https://www.debian.org/security/2023/dsa-5582
• https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html
• https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html
• https://security.gentoo.org/glsa/202401-10

Prodotti interessati

• Mozilla – Firefox ESR
• Mozilla – Thunderbird
• Mozilla – Firefox

Relazioni con altri prodotti

Produttore:Mozilla
Prodotto: Firefox
Anno: 2023
CWE:
CVSS: 0.0

Produttore:Mozilla
Prodotto: Thunderbird
Anno: 2023
CWE:
CVSS: 0.0

Produttore:Mozilla
Prodotto: Firefox ESR
Anno: 2023
CWE:
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2023)