CVE-2024-6600
published 2024-07-09
medium · 6.3 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on macOS. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| debian | firefox-esr | — | — |
| debian | thunderbird | — | — |
| mozilla | firefox | < 115.13 | 115.13 |
| mozilla | firefox | < 128.0 | 128.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 128 | 128 |
| mozilla | firefox_esr | >= unspecified < 115.13 | 115.13 |
| mozilla | thunderbird | < 115.13 | 115.13 |
| mozilla | thunderbird | >= 0 < 1:115.13.0+build5-0ubuntu0.20.04.1 | 1:115.13.0+build5-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= 0 < 1:115.13.0+build5-0ubuntu0.22.04.1 | 1:115.13.0+build5-0ubuntu0.22.04.1 |
| mozilla | thunderbird | >= 116.0 < 128.0 | 128.0 |
| mozilla | thunderbird | >= unspecified < 115.13 | 115.13 |
| mozilla | thunderbird | >= unspecified < 128 | 128 |
CVSS provenance
nvd · v3.1 · 6.3 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
osv · 6.3 · MEDIUM
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2024-07-22·CVSS 6.3
CVE-2024-6602 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-6600, CVE-2024-6601,
CVE-2024-6604)
Ronald Crane discovered that Thunderbird did not properly manage certain
memory operations in the NSS. An attacker could potentially exploit this
issue to cause a denial of service. (CVE-2024-6602)
Irvan Kurniawan discovered that Thunderbird did not properly manage memory
during thread creation. An attacker could potentially exp
Red Hat
Mozilla: Memory corruption in WebGL API
vendor_redhat·2024-07-09·CVSS 6.3
CVE-2024-6600 [MEDIUM] CWE-125 Mozilla: Memory corruption in WebGL API
Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on macOS. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
The Mozilla Foundation Security Advisory describes this flaw as:
Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Red Ha
Debian
CVE-2024-6600: firefox - Due to large allocation checks in Angle for GLSL shaders being too lenient an ou...
vendor_debian·2024·CVSS 6.3
CVE-2024-6600 [MEDIUM] CVE-2024-6600: firefox - Due to large allocation checks in Angle for GLSL shaders being too lenient an ou...
Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on macOS. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2024-29: CVE-2024-6600
vendor_mozilla·CVSS 6.3
CVE-2024-6600 [MEDIUM] Mozilla Foundation Security Advisory 2024-29: CVE-2024-6600
Mozilla Foundation Security Advisory 2024-29
CVE: CVE-2024-6600
Product: Firefox
Impact: high
Fixed in: Firefox 128
Mozilla
Mozilla Foundation Security Advisory 2024-30: CVE-2024-6600
vendor_mozilla·CVSS 6.3
CVE-2024-6600 [MEDIUM] Mozilla Foundation Security Advisory 2024-30: CVE-2024-6600
Mozilla Foundation Security Advisory 2024-30
CVE: CVE-2024-6600
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 115.13
Mozilla
Mozilla Foundation Security Advisory 2024-32: CVE-2024-6600
vendor_mozilla·CVSS 6.3
CVE-2024-6600 [MEDIUM] Mozilla Foundation Security Advisory 2024-32: CVE-2024-6600
Mozilla Foundation Security Advisory 2024-32
CVE: CVE-2024-6600
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 128
Mozilla
Mozilla Foundation Security Advisory 2024-31: CVE-2024-6600
vendor_mozilla·CVSS 6.3
CVE-2024-6600 [MEDIUM] Mozilla Foundation Security Advisory 2024-31: CVE-2024-6600
Mozilla Foundation Security Advisory 2024-31
CVE: CVE-2024-6600
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 115.13
OSV
thunderbird vulnerabilities
osv·2024-07-22·CVSS 6.3
CVE-2024-6600 [MEDIUM] thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-6600, CVE-2024-6601,
CVE-2024-6604)
Ronald Crane discovered that Thunderbird did not properly manage certain
memory operations in the NSS. An attacker could potentially exploit this
issue to cause a denial of service. (CVE-2024-6602)
Irvan Kurniawan discovered that Thunderbird did not properly manage memory
during thread creation. An attacker could potentially exploit this
issue to cause a denial of service, or execute arbitrary c
GHSA
GHSA-8c8x-848r-wqq7: Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in
ghsa_unreviewed·2024-07-09
CVE-2024-6600 [MEDIUM] CWE-770 GHSA-8c8x-848r-wqq7: Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in
Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1888340
https://www.mozilla.org/security/advisories/mfsa2024-29/
https://www.mozilla.org/security/advisories/mfsa2024-30/
https://www.mozilla.org/security/advisories/mfsa2024-31/
https://www.mozilla.org/security/advisories/mfsa2024-32/