CVE-2024-11691 — Out-of-bounds Write in Mozilla Firefox
Severity
8.8 HIGH (NVD)
EPSS
0.2%
top 62.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Nov 26
Description
Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver.
*This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 6 packages
Vulnerability Details (3)
GHSA
GHSA-53mx-8hhc-gmp3: An attacker could have caused memory corruption due to a flaw in Apple's GPU driver; this can be avoided by working around the flaw (2024-11-26)
CVEList
CVE-2024-11691: Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GP (2024-11-26)
OSV
CVE-2024-11691: Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GP (2024-11-26)
Vendor Advisories (8)
Debian
CVE-2024-11691: firefox - Certain WebGL operations on Apple silicon M series devices could have led to an... (2024)