← voltar
CVE-2023-6856

CVE-2023-6856

EPSS 20.5%
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Produtos afetados
Mozilla · FirefoxMozilla · Firefox ESRMozilla · Thunderbird

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://bugzilla.mozilla.org/show_bug.cgi?id=1843782https://lists.debian.org/debian-lts-announce/2023/12/msg00020.htmlhttps://lists.debian.org/debian-lts-announce/2023/12/msg00021.htmlhttps://security.gentoo.org/glsa/202401-10https://www.debian.org/security/2023/dsa-5581https://www.debian.org/security/2023/dsa-5582https://www.mozilla.org/security/advisories/mfsa2023-54/https://www.mozilla.org/security/advisories/mfsa2023-55/https://www.mozilla.org/security/advisories/mfsa2023-56/