Lucene search

[email protected]NVD:CVE-2023-6860

HistoryDec 19, 2023 - 2:15 p.m.

CVE-2023-6860

2023-12-1914:15:07

[email protected]

web.nvd.nist.gov

videobridge

remote decoders

sandbox escape

vulnerability

firefox esr

thunderbird

texture use

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

31.7%

JSON

The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Affected configurations

NVD

Node

mozillafirefoxRange<121.0

mozillafirefox_esrRange<115.6

mozillathunderbirdRange<115.6

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

debiandebian_linuxMatch12.0

References

bugzilla.mozilla.org/show_bug.cgi?id=1854669

lists.debian.org/debian-lts-announce/2023/12/msg00020.html

lists.debian.org/debian-lts-announce/2023/12/msg00021.html

security.gentoo.org/glsa/202401-10

www.debian.org/security/2023/dsa-5581

www.debian.org/security/2023/dsa-5582

www.mozilla.org/security/advisories/mfsa2023-54/

www.mozilla.org/security/advisories/mfsa2023-55/

www.mozilla.org/security/advisories/mfsa2023-56/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

31.7%

JSON

Related for NVD:CVE-2023-6860

cve1 ubuntucve1 alpinelinux1 prion1 cvelist1 redhatcve1 veracode1 debiancve1 osv13 redhat18 nessus59 debian4 openvas25 oraclelinux6 centos2 mozilla3 kaspersky3 amazon1 almalinux4 rocky2 mageia2 slackware2 ubuntu3 gentoo2