Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2023-6856

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.mozil...
MISC: https://www.mozilla.or...
MISC: https://www.mozilla.or...
MISC: https://www.mozilla.or...
DEBIAN: DSA-5581
DEBIAN: DSA-5582
MLIST: [debian-lts-announce] ...
MLIST: [debian-lts-announce] ...
GENTOO: GLSA-202401-10

Launchpad.net

CVE 2023-6856

Related bugs

References