CVE-2024-11691

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

CVSS

No CVSS.

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1914707	Issue Tracking
https://bugzilla.mozilla.org/show_bug.cgi?id=1924184	Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2024-63/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-64/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-65/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-67/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-68/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-70/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:mozilla:firefox:::::esr:::*
	cpe:2.3:a:mozilla:firefox:::::esr:::*
	cpe:2.3:a:mozilla:firefox:::::-:::*
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

OR	cpe:2.3:h:apple:m1:-:::::::*
	cpe:2.3:h:apple:m1_max:-:::::::*
	cpe:2.3:h:apple:m1_pro:-:::::::*
	cpe:2.3:h:apple:m1_ultra:-:::::::*
	cpe:2.3:h:apple:m2:-:::::::*
	cpe:2.3:h:apple:m2_max:-:::::::*
	cpe:2.3:h:apple:m2_pro:-:::::::*
	cpe:2.3:h:apple:m2_ultra:-:::::::*
	cpe:2.3:h:apple:m3:-:::::::*
	cpe:2.3:h:apple:m3_max:-:::::::*
	cpe:2.3:h:apple:m3_pro:-:::::::*
	cpe:2.3:h:apple:m3_ultra:-:::::::*
	cpe:2.3:h:apple:m4:-:::::::*
	cpe:2.3:h:apple:m4_max:-:::::::*
	cpe:2.3:h:apple:m4_pro:-:::::::*

History

24 Jun 2025, 16:58

Type	Values Removed	Values Added
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-67/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-67/ - Vendor Advisory
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1914707 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1914707 - Issue Tracking
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-70/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-70/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-63/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-63/ - Vendor Advisory
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1924184 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1924184 - Issue Tracking
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-64/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-64/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-68/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-68/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-65/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-65/ - Vendor Advisory
First Time		Apple Apple m2 Max Apple m3 Max Apple m1 Max Mozilla Apple m2 Pro Apple m4 Apple m3 Apple m4 Max Mozilla thunderbird Apple m2 Apple m3 Pro Mozilla firefox Apple m4 Pro Apple m2 Ultra Apple m3 Ultra Apple m1 Apple m1 Pro Apple m1 Ultra
CPE		cpe:2.3:h:apple:m2_max:-:::::::* cpe:2.3:h:apple:m1:-:::::::* cpe:2.3:h:apple:m1_max:-:::::::* cpe:2.3:a:mozilla:firefox:::::esr:::* cpe:2.3:h:apple:m4:-:::::::* cpe:2.3:a:mozilla:thunderbird:::::::: cpe:2.3:h:apple:m2:-:::::::* cpe:2.3:h:apple:m3_pro:-:::::::* cpe:2.3:h:apple:m3_ultra:-:::::::* cpe:2.3:a:mozilla:firefox:::::-:::* cpe:2.3:h:apple:m4_max:-:::::::* cpe:2.3:h:apple:m2_ultra:-:::::::* cpe:2.3:h:apple:m2_pro:-:::::::* cpe:2.3:h:apple:m3_max:-:::::::* cpe:2.3:h:apple:m4_pro:-:::::::* cpe:2.3:h:apple:m1_pro:-:::::::* cpe:2.3:h:apple:m1_ultra:-:::::::* cpe:2.3:h:apple:m3:-:::::::*

13 Dec 2024, 17:15

Type	Values Removed	Values Added
Summary	Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Firefox ESR < 115.18.	Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

13 Dec 2024, 14:15

Type	Values Removed	Values Added
Summary	Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.	Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Firefox ESR < 115.18.
References		() https://www.mozilla.org/security/advisories/mfsa2024-70/ -

27 Nov 2024, 16:15

Type	Values Removed	Values Added
New CVE

JSON object

Attach tags to CVE-2024-11691

Attach tags to `CVE-2024-11691`