Lucene search

K

[email protected]NVD:CVE-2023-6204

HistoryNov 21, 2023 - 3:15 p.m.

CVE-2023-6204

2023-11-2115:15:07

CWE-125

[email protected]

web.nvd.nist.gov

out-of-bounds read

vulnerability

firefox

thunderbird

memory leak

canvas element

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

32.2%

On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Affected configurations

NVD

Node

mozillafirefoxRange<120.0

OR

mozillafirefox_esrRange<115.5.0

OR

mozillathunderbirdRange<115.5

Node

debiandebian_linuxMatch10.0

OR

debiandebian_linuxMatch11.0

OR

debiandebian_linuxMatch12.0

References

bugzilla.mozilla.org/show_bug.cgi?id=1841050

lists.debian.org/debian-lts-announce/2023/11/msg00017.html

lists.debian.org/debian-lts-announce/2023/11/msg00030.html

www.debian.org/security/2023/dsa-5561

www.mozilla.org/security/advisories/mfsa2023-49/

www.mozilla.org/security/advisories/mfsa2023-50/

www.mozilla.org/security/advisories/mfsa2023-52/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

32.2%

Related for NVD:CVE-2023-6204

cvelist1 ubuntucve1 cve1 prion1 redhatcve1 alpinelinux1 veracode1 debiancve1 openvas23 nessus61 mageia2 oraclelinux6 amazon1 osv12 debian4 mozilla3 redhat20 kaspersky3 almalinux4 rocky1 slackware2 ubuntu3 gentoo1