CVE-2023-6204 — Out-of-bounds Read in Mozilla Firefox

CWE-125 — Out-of-bounds Read14 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 49.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird +1 more

Timeline

PublishedNov 21

Latest updateDec 4

Description

On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

▶CVEListV5mozilla/firefoxunspecified — 120

▶NVDmozilla/firefox< 120.0

▶CVEListV5mozilla/firefox_esrunspecified — 115.5.0

▶NVDmozilla/firefox_esr< 115.5.0

▶CVEListV5mozilla/thunderbirdunspecified — 115.5

Also affects: Debian Linux 10.0, 11.0, 12.0

🔴Vulnerability Details

OSV

firefox regressions↗2023-12-04

▶

OSV

thunderbird vulnerabilities↗2023-11-27

▶

OSV

firefox vulnerabilities↗2023-11-23

▶

CVEList

CVE-2023-6204: On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images cre↗2023-11-21

▶

GHSA

GHSA-c9gw-j4mh-mj26: On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images cre↗2023-11-21

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2023-11-27

▶

Ubuntu

Firefox vulnerabilities↗2023-11-23

▶

Red Hat

Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer↗2023-11-21

▶

Debian

CVE-2023-6204: firefox - On some systems—depending on the graphics settings and drivers—it was possible t...↗2023

▶

Mozilla

Mozilla Foundation Security Advisory 2023-50: CVE-2023-6204↗

▶