vulnerability

Red Hat: CVE-2023-6860: Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	Dec 19, 2023	Jan 3, 2024	Mar 21, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Dec 19, 2023

Added

Jan 3, 2024

Modified

Mar 21, 2025

Description

The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR

Solution(s)

redhat-upgrade-firefoxredhat-upgrade-firefox-debuginforedhat-upgrade-firefox-debugsourceredhat-upgrade-firefox-x11redhat-upgrade-thunderbirdredhat-upgrade-thunderbird-debuginforedhat-upgrade-thunderbird-debugsource

References

NVD-CVE-2023-6860
REDHAT-RHSA-2024:0001
REDHAT-RHSA-2024:0002
REDHAT-RHSA-2024:0003
REDHAT-RHSA-2024:0004
REDHAT-RHSA-2024:0005
REDHAT-RHSA-2024:0011
REDHAT-RHSA-2024:0012
REDHAT-RHSA-2024:0019
REDHAT-RHSA-2024:0022
REDHAT-RHSA-2024:0024
REDHAT-RHSA-2024:0025
REDHAT-RHSA-2024:0026
REDHAT-RHSA-2024:0027
REDHAT-RHSA-2024:0029

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today