vulnerability

Amazon Linux AMI 2: CVE-2023-6856: Security patch for firefox, thunderbird (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Dec 19, 2023	Jan 10, 2024	Jan 28, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Dec 19, 2023

Added

Jan 10, 2024

Modified

Jan 28, 2025

Description

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Solutions

amazon-linux-ami-2-upgrade-firefoxamazon-linux-ami-2-upgrade-firefox-debuginfoamazon-linux-ami-2-upgrade-thunderbirdamazon-linux-ami-2-upgrade-thunderbird-debuginfo

References

AMAZON-AL2/ALAS-2024-2377
AMAZON-AL2/ALASFIREFOX-2024-018
CVE-2023-6856
https://attackerkb.com/topics/CVE-2023-6856

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report