{"id":"CVE-2023-6860","details":"The `VideoBridge` allowed any content process to use textures produced by remote decoders.  This could be abused to escape the sandbox. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.","modified":"2026-04-16T04:33:24.793056364Z","published":"2023-12-19T14:15:07.510Z","related":["ALSA-2024:0001","ALSA-2024:0003","ALSA-2024:0012","ALSA-2024:0025","SUSE-SU-2023:4912-1","SUSE-SU-2023:4928-1","SUSE-SU-2023:4929-1","SUSE-SU-2024:0044-1","openSUSE-SU-2024:13519-1","openSUSE-SU-2024:13531-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202401-10"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5582"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5581"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-54/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-55/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-56/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1854669"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6860.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"121.0"}]},{"events":[{"introduced":"0"},{"fixed":"115.6"}]},{"events":[{"introduced":"0"},{"fixed":"115.6"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}