CVE-2024-11691

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1914707	Issue Tracking
https://bugzilla.mozilla.org/show_bug.cgi?id=1924184	Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2024-63/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-64/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-65/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-67/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-68/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-70/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:mozilla:firefox:::::esr:::*
	cpe:2.3:a:mozilla:firefox:::::esr:::*
	cpe:2.3:a:mozilla:firefox:::::-:::*
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

OR	cpe:2.3:h:apple:m1:-:::::::*
	cpe:2.3:h:apple:m1_max:-:::::::*
	cpe:2.3:h:apple:m1_pro:-:::::::*
	cpe:2.3:h:apple:m1_ultra:-:::::::*
	cpe:2.3:h:apple:m2:-:::::::*
	cpe:2.3:h:apple:m2_max:-:::::::*
	cpe:2.3:h:apple:m2_pro:-:::::::*
	cpe:2.3:h:apple:m2_ultra:-:::::::*
	cpe:2.3:h:apple:m3:-:::::::*
	cpe:2.3:h:apple:m3_max:-:::::::*
	cpe:2.3:h:apple:m3_pro:-:::::::*
	cpe:2.3:h:apple:m3_ultra:-:::::::*
	cpe:2.3:h:apple:m4:-:::::::*
	cpe:2.3:h:apple:m4_max:-:::::::*
	cpe:2.3:h:apple:m4_pro:-:::::::*

History

24 Jun 2025, 16:58

Type	Values Removed	Values Added
CPE		cpe:2.3:h:apple:m4_pro:-:::::::* cpe:2.3:h:apple:m3_ultra:-:::::::* cpe:2.3:h:apple:m2_ultra:-:::::::* cpe:2.3:h:apple:m3_pro:-:::::::* cpe:2.3:a:mozilla:firefox:::::esr:::* cpe:2.3:h:apple:m2:-:::::::* cpe:2.3:h:apple:m3:-:::::::* cpe:2.3:h:apple:m1_pro:-:::::::* cpe:2.3:a:mozilla:firefox:::::-:::* cpe:2.3:h:apple:m1:-:::::::* cpe:2.3:h:apple:m4_max:-:::::::* cpe:2.3:h:apple:m2_pro:-:::::::* cpe:2.3:h:apple:m2_max:-:::::::* cpe:2.3:h:apple:m4:-:::::::* cpe:2.3:h:apple:m1_max:-:::::::* cpe:2.3:a:mozilla:thunderbird:::::::: cpe:2.3:h:apple:m3_max:-:::::::* cpe:2.3:h:apple:m1_ultra:-:::::::*
First Time		Mozilla thunderbird Mozilla Apple m4 Pro Mozilla firefox Apple m2 Pro Apple m4 Max Apple m1 Max Apple m3 Max Apple Apple m2 Apple m3 Ultra Apple m4 Apple m3 Pro Apple m3 Apple m1 Apple m2 Max Apple m1 Pro Apple m1 Ultra Apple m2 Ultra
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1914707 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1914707 - Issue Tracking
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1924184 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1924184 - Issue Tracking
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-63/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-63/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-64/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-64/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-65/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-65/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-67/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-67/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-68/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-68/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-70/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-70/ - Vendor Advisory

06 Jan 2025, 18:15

Type	Values Removed	Values Added
CWE		CWE-787

13 Dec 2024, 17:15

Type	Values Removed	Values Added
Summary	(en) Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Firefox ESR < 115.18.	(en) Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

13 Dec 2024, 14:15

Type	Values Removed	Values Added
Summary	(en) Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.	(en) Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Firefox ESR < 115.18.
References		() https://www.mozilla.org/security/advisories/mfsa2024-70/ -

27 Nov 2024, 16:15

Type	Values Removed	Values Added
Summary		(es) Ciertas operaciones WebGL en dispositivos de la serie M de Apple Silicon podrían haber provocado una escritura fuera de límites y corrupción de la memoria debido a una falla en el controlador de GPU de Apple. Este error solo afectó a la aplicación en hardware de la serie M de Apple. Otras plataformas no se vieron afectadas. Esta vulnerabilidad afecta a Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133 y Thunderbird < 128.5.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8

26 Nov 2024, 19:15

Type	Values Removed	Values Added
Summary	(en) An attacker could have caused memory corruption due to a flaw in Apple's GPU driver; this can be avoided by working around the flaw. Note: This issue only affected macOS operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.	(en) Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.

26 Nov 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-26 14:15

Updated : 2025-06-24 16:58

NVD link : CVE-2024-11691

Mitre link : CVE-2024-11691

CVE.ORG link : CVE-2024-11691

JSON object : View

Products Affected

mozilla

firefox
thunderbird

apple

m1_ultra
m2_max
m3_max
m4_max
m2_ultra
m2
m2_pro
m3_ultra
m3_pro
m3
m1_pro
m1
m1_max
m4
m4_pro

CWE

CWE-787

Out-of-bounds Write

8.8 /10