The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2023-12-19T13:38:36.493Z
Updated: 2024-08-02T08:42:08.187Z
Reserved: 2023-12-15T17:42:54.919Z
Link: CVE-2023-6856
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-19T14:15:07.313
Modified: 2024-11-21T08:44:41.670
Link: CVE-2023-6856
Redhat