PT-2023-7974 · Mozilla+9 · Firefox+11
Andrew Osmond
·
Published
2023-12-19
·
Updated
2025-03-14
·
CVE-2023-6860
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Firefox ESR versions prior to 115.6
Thunderbird versions prior to 115.6
Firefox versions prior to 121
Description
The
VideoBridge component allowed any content process to use textures produced by remote decoders, which could be abused to escape the sandbox. This issue is related to errors in security settings and could be exploited by a remote attacker to bypass the sandbox protection mechanism.Recommendations
For Firefox ESR versions prior to 115.6, update to version 115.6 or later.
For Thunderbird versions prior to 115.6, update to version 115.6 or later.
For Firefox versions prior to 121, update to version 121 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Suse
Thunderbird
Ubuntu