Security Advisory

CVE-2023-6856

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-19 13:38:36

Last updated 2025-02-13 17:26:33

Assigner mozilla

State PUBLISHED

Description

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

← Browse all CVEs View on cve.org ↗