CVE-2023-6856
HIGH8.8EPSS 10.5%firefox-esr - security update
發布日:2023/12/19修改日:2026/4/28
描述
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
受影響套件(4)
- Debian/firefox-esrfrom 0, < 115.6.0esr-1~deb11u1
- Debian/firefox-esrfrom 0, < 115.6.0esr-1~deb10u1
- Debian/firefox-esrfrom 0, < 115.6.0esr-1~deb11u1
- Debian/thunderbirdfrom 0, < 1:115.6.0-1~deb11u1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |