Critical Vulnerability Information Vulnerability ID CVE-2023-6856 High The WebGL DrawElementsInstanced method, when used with the Mesa VM driver, has a heap buffer overflow vulnerability, potentially leading to remote code execution and sandbox escape. CVE-2023-6865 High EncryptingOutputStream may expose uninitialized data; exploitation could allow data to be written to the local disk, affecting private browsing mode. CVE-2023-6857 Moderate A race condition may occur during symbolic link resolution, causing the buffer passed to to be smaller than required. This affects Unix-based operating systems (Android, Linux, macOS); Windows is unaffected. CVE-2023-6858 Moderate Firefox has a heap buffer overflow issue when handling insufficient memory allocation. CVE-2023-6859 Moderate Under memory pressure, a use-after-free condition exists during TLS socket creation. CVE-2023-6860 Moderate VideoBridge allows textures generated by any decoder to be used by content processes, potentially enabling sandbox escape. CVE-2023-6867 Moderate Pop-up transitions may coincide with the anti-clickjacking delay time in permission prompts, potentially tricking users into clicking unintended permission buttons. CVE-2023-6861 Moderate Heap buffer overflow in the method under header mode. CVE-2023-6862 Moderate Use-after-free issue in . CVE-2023-6863 Low Dynamic type in lacks a virtual destructor, potentially leading to undefined behavior. CVE-2023-6864 High * Fixes memory safety issues in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6; some show signs of exploitable memory corruption.