The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2023-12-19T13:38:36.493Z

Updated: 2024-08-02T08:42:08.187Z

Reserved: 2023-12-15T17:42:54.919Z

Link: CVE-2023-6856

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-19T14:15:07.313

Modified: 2024-11-21T08:44:41.670

Link: CVE-2023-6856

cve-icon Redhat

Severity : Important

Publid Date: 2023-12-19T00:00:00Z

Links: CVE-2023-6856 - Bugzilla