CVE-2024-11691
published 2024-11-26CVE-2024-11691: Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver.
*This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| debian | firefox-esr | — | — |
| debian | thunderbird | — | — |
| mozilla | firefox | < 115.18.0 | 115.18.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 116.0 < 128.5.0 | 128.5.0 |
| mozilla | firefox | >= 129.0 < 133.0 | 133.0 |
| mozilla | firefox | >= unspecified < 133 | 133 |
| mozilla | firefox_esr | >= unspecified < 128.5 | 128.5 |
| mozilla | firefox_esr | >= unspecified < 115.18 | 115.18 |
| mozilla | thunderbird | < 115.18.0 | 115.18.0 |
| mozilla | thunderbird | >= 0 < 1:115.18.0+build1-0ubuntu0.20.04.1 | 1:115.18.0+build1-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= 0 < 1:115.18.0+build1-0ubuntu0.22.04.1 | 1:115.18.0+build1-0ubuntu0.22.04.1 |
| mozilla | thunderbird | >= 116.0 < 128.5.0 | 128.5.0 |
| mozilla | thunderbird | >= 129.0 < 133.0 | 133.0 |
| mozilla | thunderbird | >= unspecified < 133 | 133 |
| mozilla | thunderbird | >= unspecified < 128.5 | 128.5 |
| mozilla | thunderbird | >= unspecified < 115.18 | 115.18 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH
GHSA
GHSA-53mx-8hhc-gmp3: An attacker could have caused memory corruption due to a flaw in Apple's GPU driver; this can be avoided by working around the flaw
ghsa_unreviewed·2024-11-26
CVE-2024-11691 [HIGH] CWE-787 GHSA-53mx-8hhc-gmp3: An attacker could have caused memory corruption due to a flaw in Apple's GPU driver; this can be avoided by working around the flaw
An attacker could have caused memory corruption due to a flaw in Apple's GPU driver; this can be avoided by working around the flaw.
*Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.
OSV
CVE-2024-11691: Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GP
osv·2024-11-26·CVSS 8.8
CVE-2024-11691 [HIGH] CVE-2024-11691: Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GP
Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.
Red Hat
firefox: thunderbird: Memory corruption in Apple GPU drivers
vendor_redhat·2024-11-26·CVSS 8.8
CVE-2024-11691 [HIGH] CWE-119 firefox: thunderbird: Memory corruption in Apple GPU drivers
firefox: thunderbird: Memory corruption in Apple GPU drivers
Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver.
*This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused memory corruption due to a flaw in Apple's GPU driver; this can be avoided by working around the flaw. *Note: This issue only affected macOS operating systems. Other operating systems are una
Debian
CVE-2024-11691: firefox - Certain WebGL operations on Apple silicon M series devices could have lead to an...
vendor_debian·2024·CVSS 8.8
CVE-2024-11691 [HIGH] CVE-2024-11691: firefox - Certain WebGL operations on Apple silicon M series devices could have lead to an...
Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2024-64: CVE-2024-11691
vendor_mozilla·CVSS 8.8
CVE-2024-11691 [HIGH] Mozilla Foundation Security Advisory 2024-64: CVE-2024-11691
Mozilla Foundation Security Advisory 2024-64
CVE: CVE-2024-11691
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 128.5
Mozilla
Mozilla Foundation Security Advisory 2024-63: CVE-2024-11691
vendor_mozilla·CVSS 8.8
CVE-2024-11691 [HIGH] Mozilla Foundation Security Advisory 2024-63: CVE-2024-11691
Mozilla Foundation Security Advisory 2024-63
CVE: CVE-2024-11691
Product: Firefox
Impact: high
Fixed in: Firefox 133
Mozilla
Mozilla Foundation Security Advisory 2024-65: CVE-2024-11691
vendor_mozilla·CVSS 8.8
CVE-2024-11691 [HIGH] Mozilla Foundation Security Advisory 2024-65: CVE-2024-11691
Mozilla Foundation Security Advisory 2024-65
CVE: CVE-2024-11691
Product: Firefox ESR
Impact: moderate
Fixed in: Firefox ESR 115.18
Mozilla
Mozilla Foundation Security Advisory 2024-68: CVE-2024-11691
vendor_mozilla·CVSS 8.8
CVE-2024-11691 [HIGH] Mozilla Foundation Security Advisory 2024-68: CVE-2024-11691
Mozilla Foundation Security Advisory 2024-68
CVE: CVE-2024-11691
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 128.5
Mozilla
Mozilla Foundation Security Advisory 2024-67: CVE-2024-11691
vendor_mozilla·CVSS 8.8
CVE-2024-11691 [HIGH] Mozilla Foundation Security Advisory 2024-67: CVE-2024-11691
Mozilla Foundation Security Advisory 2024-67
CVE: CVE-2024-11691
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 133
Mozilla
Mozilla Foundation Security Advisory 2024-70: CVE-2024-11691
vendor_mozilla·CVSS 8.8
CVE-2024-11691 [HIGH] Mozilla Foundation Security Advisory 2024-70: CVE-2024-11691
Mozilla Foundation Security Advisory 2024-70
CVE: CVE-2024-11691
Product: Thunderbird
Impact: moderate
Fixed in: Thunderbird 115.18
No detection rules found.
No public exploits indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1914707https://bugzilla.mozilla.org/show_bug.cgi?id=1924184https://www.mozilla.org/security/advisories/mfsa2024-63/https://www.mozilla.org/security/advisories/mfsa2024-64/https://www.mozilla.org/security/advisories/mfsa2024-65/https://www.mozilla.org/security/advisories/mfsa2024-67/https://www.mozilla.org/security/advisories/mfsa2024-68/https://www.mozilla.org/security/advisories/mfsa2024-70/
2024-11-26
Published