← Back

CVE-2024-11691

nvd nist
Published: Nov 26, 2024Modified: Jun 24, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

Affected (6)

Mozilla
2 products
Firefox
Thunderbird
Configuration A
6 vulnerable · 15 platform
Vulnerable SoftwareAffected Versions
Mozilla
Firefox
From 129.0 to 133.0
Firefox
Before 115.18.0
Firefox
From 116.0 to 128.5.0
Mozilla
Thunderbird
Before 115.18.0
Thunderbird
From 116.0 to 128.5.0
Thunderbird
From 129.0 to 133.0
Running on/withPlatform Versions
Apple
M1
All versions
Apple
M1 Max
All versions
Apple
M1 Pro
All versions
Apple
M1 Ultra
All versions
Apple
M2
All versions
Apple
M2 Max
All versions
Apple
M2 Pro
All versions
Apple
M2 Ultra
All versions
Apple
M3
All versions
Apple
M3 Max
All versions
Apple
M3 Pro
All versions
Apple
M3 Ultra
All versions
Apple
M4
All versions
Apple
M4 Max
All versions
Apple
M4 Pro
All versions

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (8)

Source: security@mozilla.org
Issue Tracking
Source: security@mozilla.org
Issue Tracking
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory

Timeline

No history available yet.