CVE-2023-6856

Summary

The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 115.6affected
MozillaThunderbirdunspecified < 115.6affected
MozillaFirefoxunspecified < 121affected

Weaknesses

  • Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver

ADP Enrichment

CVE Program Container

Additional References

References