DEBIAN-CVE-2023-6856
PUBLISHED
CVSS 8.8 HIGH
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Risk Scores
CVSS 3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | thunderbird | 1:91.6.0-1~deb11u1, 1:91.6.1-1~deb10u1, 1:91.6.1-1~deb11u1 |
| Debian:12 | firefox-esr | 115.5.0esr-1~deb10u1, *, * |
| Debian:14 | firefox-esr | 0, 0, 0 |
| Debian:14 | thunderbird | 0, 0, 0 |
| Debian:12 | thunderbird | 1:115.3.1-1~deb10u1, 1:102.12.0-1, 1:102.12.0-1~deb10u1 |
| Debian:11 | firefox-esr | 91.5.0esr-1, 91.9.1esr-1~deb9u1, * |
| Debian:13 | firefox-esr | 0, 0, 0 |
| Debian:13 | thunderbird | 0, 0, 0 |
Timeline
- Dec 19, 2023 CVE Published
- Apr 28, 2026 CVE Updated