CVE-2024-6600 — Allocation of Resources Without Limits or Throttling in Mozilla Firefox

CWE-770 — Allocation of Resources Without Limits or Throttling CWE-125 — Out-of-bounds Read11 documents8 sources

Severity

6.3MEDIUMNVD

EPSS

0.2%

top 64.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedJul 9

Latest updateJul 22

Description

Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on macOS. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages6 packages

▶CVEListV5mozilla/firefoxunspecified — 128

▶NVDmozilla/firefox< 115.13+1

▶CVEListV5mozilla/firefox_esrunspecified — 115.13

▶CVEListV5mozilla/thunderbirdunspecified — 115.13+1

▶NVDmozilla/thunderbird116.0 — 128.0+1

🔴Vulnerability Details

OSV

thunderbird vulnerabilities↗2024-07-22

▶

GHSA

GHSA-8c8x-848r-wqq7: Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in↗2024-07-09

▶

CVEList

Memory corruption in WebGL API↗2024-07-09

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2024-07-22

▶

Red Hat

Mozilla: Memory corruption in WebGL API↗2024-07-09

▶

Debian

CVE-2024-6600: firefox - Due to large allocation checks in Angle for GLSL shaders being too lenient an ou...↗2024

▶

Mozilla

Mozilla Foundation Security Advisory 2024-29: CVE-2024-6600↗

▶

Mozilla

Mozilla Foundation Security Advisory 2024-30: CVE-2024-6600↗

▶