On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0.

Related CVEs

CVE-2023-6204

Key Information

GHSA ID

GHSA-c9gw-j4mh-mj26

Published

November 21, 2023 3:30 PM

Last Modified

November 30, 2023 6:31 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.