CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 77.4%
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | firefox | < 121.0+build1-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs38 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs52 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mozjs52 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mozjs68 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs78 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs91 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | thunderbird | < 1:115.6.0+build2-0ubuntu0.20.04.1 | UNKNOWN |
bugzilla.mozilla.org/show_bug.cgi?id=1843782
launchpad.net/bugs/cve/CVE-2023-6856
nvd.nist.gov/vuln/detail/CVE-2023-6856
security-tracker.debian.org/tracker/CVE-2023-6856
ubuntu.com/security/notices/USN-6562-1
ubuntu.com/security/notices/USN-6563-1
www.cve.org/CVERecord?id=CVE-2023-6856
www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6856
www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6856
www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6856
www.mozilla.org/security/advisories/mfsa2023-54/
www.mozilla.org/security/advisories/mfsa2023-55/
www.mozilla.org/security/advisories/mfsa2023-56/