{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6856", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2023-12-15T17:42:54.919Z", "datePublished": "2023-12-19T13:38:36.493Z", "dateUpdated": "2024-08-02T08:42:08.187Z"}, "containers": {"cna": {"affected": [{"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "115.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "115.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "121", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The WebGL <code>DrawElementsInstanced</code> method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121."}]}], "problemTypes": [{"descriptions": [{"description": "Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843782"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/"}, {"url": "https://www.debian.org/security/2023/dsa-5581"}, {"url": "https://www.debian.org/security/2023/dsa-5582"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html"}, {"url": "https://security.gentoo.org/glsa/202401-10"}], "credits": [{"lang": "en", "value": "DoHyun Lee"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2023-12-19T16:42:14.178Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.187Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843782", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5581", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5582", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202401-10", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919", "versionEndExcluding": "121.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B", "versionEndExcluding": "115.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78", "versionEndExcluding": "115.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121."}, {"lang": "es", "value": "El m\u00e9todo WebGL `DrawElementsInstanced` era susceptible a un desbordamiento de b\u00fafer cuando se usaba en sistemas con el controlador Mesa VM. Este problema podr\u00eda permitir a un atacante realizar la ejecuci\u00f3n remota de c\u00f3digo y escapar de la zona de pruebas. Esta vulnerabilidad afecta a Firefox ESR &lt;115.6, Thunderbird &lt;115.6 y Firefox &lt;121."}], "id": "CVE-2023-6856", "lastModified": "2024-02-02T02:31:59.007", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-19T14:15:07.313", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843782"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202401-10"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5581"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5582"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges DoHyun Lee as the original reporter.", "affected_release": [{"advisory": "RHSA-2024:0026", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:115.6.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0027", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:115.6.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0003", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:115.6.0-1.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0012", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:115.6.0-1.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0023", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:115.6.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0030", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:115.6.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0023", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "firefox-0:115.6.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0030", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "thunderbird-0:115.6.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0023", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "firefox-0:115.6.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0030", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "thunderbird-0:115.6.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0021", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:115.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0028", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:115.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0021", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "firefox-0:115.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0028", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:115.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0021", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "firefox-0:115.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0028", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:115.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0005", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "thunderbird-0:115.6.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0024", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "firefox-0:115.6.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0004", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "thunderbird-0:115.6.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0011", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "firefox-0:115.6.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0001", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:115.6.0-1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0025", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:115.6.0-1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0002", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "thunderbird-0:115.6.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0022", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "firefox-0:115.6.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0019", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "firefox-0:115.6.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-01-02T00:00:00Z"}, {"advisory": "RHSA-2024:0029", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "thunderbird-0:115.6.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-01-02T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Heap-buffer-overflow affecting WebGL <code>DrawElementsInstanced</code> method with Mesa VM driver", "id": "2255360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255360"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-122", "details": ["The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.", "The Mozilla Foundation Security Advisory describes this flaw as:\nThe WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape."], "name": "CVE-2023-6856", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2023-12-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-6856\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6856\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6856\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6856"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important", "upstream_fix": "firefox 115.6, thunderbird 115.6"}