PT-2023-8005 · Mozilla+9 · Firefox+10

Dohyun Lee

Publicado

2023-12-19

Atualizado

2026-02-18

CVE-2023-6856

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 115.6 Thunderbird versions prior to 115.6 Firefox versions prior to 121

Description The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape.

Recommendations For Firefox ESR versions prior to 115.6, update to version 115.6 or later. For Thunderbird versions prior to 115.6, update to version 115.6 or later. For Firefox versions prior to 121, update to version 121 or later. As a temporary workaround, consider disabling the WebGL DrawElementsInstanced method until a patch is available.

Correção

RCE

Heap Based Buffer Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-122CWE-787

Identificadores relacionados

ALSA-2024:0001

ALSA-2024:0003

ALSA-2024:0012

ALSA-2024:0025

ALT-PU-2023-8216

ALT-PU-2023-8227

ALT-PU-2023-8231

ALT-PU-2023-8368

ALT-PU-2024-13898

ALT-PU-2024-15839

ALT-PU-2024-3614

ALT-PU-2024-3860

ALT-PU-2024-4748

BDU:2023-09119

CESA-2024_0003

CESA-2024_0012

CESA-2024_0026

CESA-2024_0027

CVE-2023-6856

DLA-3697-1

DLA-3698-1

DSA-5581-1

DSA-5582-1

MGASA-2024-0006

MGASA-2024-0012

OESA-2025-1322

OESA-2025-1323

OPENSUSE-SU-2023_4928-1

OPENSUSE-SU-2024:13519-1

OPENSUSE-SU-2024:13531-1

OPENSUSE-SU-2024:14572-1

OPENSUSE-SU-2024_0044-1

RHSA-2024:0001

RHSA-2024:0002

RHSA-2024:0003

RHSA-2024:0004

RHSA-2024:0005

RHSA-2024:0011

RHSA-2024:0012

RHSA-2024:0019

RHSA-2024:0021

RHSA-2024:0022

RHSA-2024:0023

RHSA-2024:0024

RHSA-2024:0025

RHSA-2024:0026

RHSA-2024:0027

RHSA-2024:0028

RHSA-2024:0029

RHSA-2024:0030

RHSA-2024_0001

RHSA-2024_0003

RHSA-2024_0012

RHSA-2024_0025

RHSA-2024_0026

RHSA-2024_0027

RLSA-2024:0003

RLSA-2024:0012

SUSE-SU-2023:4912-1

SUSE-SU-2023:4928-1

SUSE-SU-2023:4929-1

SUSE-SU-2024:0044-1

USN-6562-1

USN-6562-2

USN-6563-1

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Linuxmint

Red Hat

Red Os

Suse

Thunderbird

Ubuntu

PT-2023-8005 · Mozilla+9 · Firefox+10

CVE-2023-6856

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2055