CVE-2023-6204

CVSS 3.1 Score 6.5 of 10 (medium)

Attack Complexity low
Confidentiality high
Integrity none
Availability none
Scope unchanged
Privileges Required none

Details

Published Nov 21, 2023
Updated: Nov 30, 2023
CWE ID 125

Summary

CVE-2023-6204 is a vulnerability that affects Firefox versions below 120, Firefox ESR below 115.5.0, and Thunderbird below 115.5. Under certain graphics settings and with specific drivers, an attacker can induce an out-of-bounds read, resulting in the leakage of memory data into images created using the canvas element. This issue poses a potential risk for information disclosure.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share