CVE-2023-6860

Summary

The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 115.6affected
MozillaThunderbirdunspecified < 115.6affected
MozillaFirefoxunspecified < 121affected

Weaknesses

  • Potential sandbox escape due to VideoBridge lack of texture validation

ADP Enrichment

CVE Program Container

Additional References

References