6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
31.7%
The VideoBridge
allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
bugzilla.mozilla.org/show_bug.cgi?id=1854669
lists.debian.org/debian-lts-announce/2023/12/msg00020.html
lists.debian.org/debian-lts-announce/2023/12/msg00021.html
security.gentoo.org/glsa/202401-10
www.debian.org/security/2023/dsa-5581
www.debian.org/security/2023/dsa-5582
www.mozilla.org/security/advisories/mfsa2023-54/
www.mozilla.org/security/advisories/mfsa2023-55/
www.mozilla.org/security/advisories/mfsa2023-56/