CVE-2023-6856

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-6856
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6856.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-6856
Downstream
Related
Published
2023-12-19T14:15:07Z
Modified
2025-08-09T20:01:25Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

References

Affected packages