CVE-2023-6864: 
NixOS vulnerability analysis and mitigation

CVE-2023-6864 is a memory safety vulnerability discovered in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. The vulnerability was disclosed on December 19, 2023, and affects multiple versions of Mozilla products. The issue involves memory corruption bugs that could potentially be exploited to execute arbitrary code (Mozilla Advisory).

The vulnerability is classified as a memory safety bug with a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue is identified as CWE-787 (Out-of-bounds Write). Some of these bugs showed evidence of memory corruption that could potentially be exploited to run arbitrary code with sufficient effort (NVD).

The vulnerability affects confidentiality, integrity, and availability with high severity ratings. If successfully exploited, an attacker could potentially execute arbitrary code on the affected system. The vulnerability impacts multiple products including Firefox < 121.0, Firefox ESR < 115.6, and Thunderbird < 115.6 (Mozilla Advisory).

The vulnerability has been fixed in Firefox 121.0, Firefox ESR 115.6, and Thunderbird 115.6. Users are strongly recommended to upgrade to these versions or later. Multiple Linux distributions have also released security updates to address this vulnerability, including Debian and Gentoo (Debian Advisory, Gentoo Advisory).