CVE-2023-6856 Information

Description

The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6 Thunderbird < 115.6 and Firefox < 121.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1843782 https://www.mozilla.org/security/advisories/mfsa2023-54/ https://www.mozilla.org/security/advisories/mfsa2023-55/ https://www.mozilla.org/security/advisories/mfsa2023-56/ https://www.debian.org/security/2023/dsa-5581