medium
6.5
CWE
125
EPSS
0.075%
Advisory Published
CVE Published
Updated

CVE-2023-6204

First published: Tue Nov 21 2023(Updated: )

On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Credit: security@mozilla.org

Affected SoftwareAffected VersionHow to fix
redhat/firefox<115.5
115.5
redhat/thunderbird<115.5
115.5
ubuntu/firefox<120.0+
120.0+
ubuntu/thunderbird<1:115.5.0+
1:115.5.0+
ubuntu/thunderbird<1:115.5.0+
1:115.5.0+
ubuntu/thunderbird<1:115.5.0+
1:115.5.0+
ubuntu/thunderbird<1:115.5.0+
1:115.5.0+
debian/firefox
123.0-1
debian/firefox-esr<=91.12.0esr-1~deb10u1
115.8.0esr-1~deb10u1
115.7.0esr-1~deb11u1
115.8.0esr-1~deb11u1
115.7.0esr-1~deb12u1
115.8.0esr-1~deb12u1
115.8.0esr-1
debian/thunderbird<=1:91.12.0-1~deb10u1
1:115.8.0-1~deb10u1
1:115.7.0-1~deb11u1
1:115.8.0-1~deb11u1
1:115.7.0-1~deb12u1
1:115.8.0-1~deb12u1
1:115.7.0-1
1:115.8.1-1
Thunderbird<115.5
115.5
Firefox ESR<115.5
115.5
Firefox<120
120
Firefox<120.0
Firefox ESR<115.5.0
Thunderbird<115.5
Debian Linux=10.0
Debian Linux=11.0
Debian Linux=12.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

  • What is the severity of CVE-2023-6204?

    The severity of CVE-2023-6204 is high.

  • Which systems are affected by CVE-2023-6204?

    CVE-2023-6204 affects systems with Firefox versions < 120, Firefox versions < 115.5, and Thunderbird versions < 115.5.0.

  • How can CVE-2023-6204 be exploited?

    CVE-2023-6204 can be exploited by forcing an out-of-bounds read and leaking memory data into canvas element images.

  • What is the remedy for CVE-2023-6204?

    The remedy for CVE-2023-6204 is to update Firefox to version 120 or higher, Firefox to version 115.5 or higher, or Thunderbird to version 115.5.0 or higher.

  • Where can I find more information about CVE-2023-6204?

    You can find more information about CVE-2023-6204 in the Mozilla bugzilla and security advisories: [Mozilla Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1841050), [Mozilla Security Advisory 2023-49](https://www.mozilla.org/security/advisories/mfsa2023-49/), [Mozilla Security Advisory 2023-50](https://www.mozilla.org/security/advisories/mfsa2023-50/).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203