vulnerability
SUSE: CVE-2023-6856: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Dec 19, 2023 | Dec 20, 2023 | Jan 28, 2025 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Dec 19, 2023
Added
Dec 20, 2023
Modified
Jan 28, 2025
Description
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Solutions
suse-upgrade-mozillafirefoxsuse-upgrade-mozillafirefox-branding-upstreamsuse-upgrade-mozillafirefox-develsuse-upgrade-mozillafirefox-translations-commonsuse-upgrade-mozillafirefox-translations-othersuse-upgrade-mozillathunderbirdsuse-upgrade-mozillathunderbird-translations-commonsuse-upgrade-mozillathunderbird-translations-other
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.