CVE-2023-6856

Published: 19/12/2023 Updated: 02/02/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow a malicious user to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Vulnerable Product

mozilla thunderbird

mozilla firefox

mozilla firefox esr

debian debian linux 10.0

debian debian linux 11.0

debian debian linux 12.0

Vendor Advisories

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or clickjacking. For the oldstable distribution (bullseye), these problems have been fixed in version 11560esr-1~deb11u1. For the stable distribution (bookworm), these problems have been fi ...
Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing of signed PGP/MIME and S/MIME emails. For the oldstable distribution (bullseye), these problems have been fixed in version 1:11560-1~deb11u1. For the stable distribution (bookworm), these problems have been ...
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121 (CVE-2023-6856). When resolving a sy ...
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message ...
Synopsis: Important: thunderbird security update. Type/Severity: Security Advisory: Important. Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 86 Extended Updat ...
Synopsis: Important: thunderbird security update. Type/Severity: Security Advisory: Important. Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 88 Extended Updat ...
Synopsis: Important: thunderbird security update. Type/Severity: Security Advisory: Important. Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as h ...
Synopsis: Important: thunderbird security update. Type/Severity: Security Advisory: Important. Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as h ...
Synopsis: Important: thunderbird security update. Type/Severity: Security Advisory: Important. Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 84 Advanced Mission Critical Update Support, Red Hat ...
Synopsis: Important: firefox security update. Type/Severity: Security Advisory: Important. Topic: An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: firefox security update. Type/Severity: Security Advisory: Important. Topic: An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: firefox security update. Type/Severity: Security Advisory: Important. Topic: An update for firefox is now available for Red Hat Enterprise Linux 90 Extended Update Support. Red Hat Product Security has rate ...
Synopsis: Important: firefox security update. Type/Severity: Security Advisory: Important. Topic: An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: firefox security update. Type/Severity: Security Advisory: Important. Topic: An update for firefox is now available for Red Hat Enterprise Linux 88 Extended Update Suppor ...
Synopsis: Important: thunderbird security update. Type/Severity: Security Advisory: Important. Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 92 Extended Update Support. Red Hat Product Security ...
Synopsis: Important: firefox security update. Type/Severity: Security Advisory: Important. Topic: An update for firefox is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterprise Linux 82 Tel ...
Synopsis: Important: firefox security update. Type/Severity: Security Advisory: Important. Topic: An update for firefox is now available for Red Hat Enterprise Linux 84 Advanced Mission Critical Update Support, Red Hat Enterpr ...
Synopsis: Important: thunderbird security update. Type/Severity: Security Advisory: Important. Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 90 Extended Update Support. Red Hat Product Security ...
Synopsis: Important: firefox security update. Type/Severity: Security Advisory: Important. Topic: An update for firefox is now available for Red Hat Enterprise Linux 92 Extended Update Support. Red Hat Product Security has rate ...
Synopsis: Important: thunderbird security update. Type/Severity: Security Advisory: Important. Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as h ...
Synopsis: Important: firefox security update. Type/Severity: Security Advisory: Important. Topic: An update for firefox is now available for Red Hat Enterprise Linux 86 Extended Update Support. Red Hat Product Security has rate ...
Synopsis: Important: thunderbird security update. Type/Severity: Security Advisory: Important. Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterprise Linux ...
Description: The Mozilla Foundation Security Advisory describes this flaw as: The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. The Mozilla Foundation Security Advisory describe ...
Mozilla Foundation Security Advisory 2023-55: Security Vulnerabilities fixed in Thunderbird 115.6. Announced: December 19, 2023. Impact: high. Products: Thunderbird. Fixed in: Thunderbird 115.6 ...
Mozilla Foundation Security Advisory 2023-54: Security Vulnerabilities fixed in Firefox ESR 115.6. Announced: December 19, 2023. Impact: high. Products: Firefox ESR. Fixed in: Firefox ESR 115.6 ...
Mozilla Foundation Security Advisory 2023-56: Security Vulnerabilities fixed in Firefox 121. Announced: December 19, 2023. Impact: high. Products: Firefox. Fixed in: Firefox 121 ...