Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-11691

Опубликовано: 26 нояб. 2024
Источник: nvd
CVSS3: 8.8
EPSS Низкий

Описание

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver.
This bug only affected the application on Apple M series hardware. Other platforms were unaffected. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Версия до 115.18.0 (исключая)
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Версия от 116.0 (включая) до 128.5.0 (исключая)
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
Версия от 129.0 (включая) до 133.0 (исключая)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Версия до 115.18.0 (исключая)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Версия от 116.0 (включая) до 128.5.0 (исключая)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Версия от 129.0 (включая) до 133.0 (исключая)

Одно из

cpe:2.3:h:apple:m1:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:m1_max:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:m1_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:m1_ultra:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:m2:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:m2_max:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:m2_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:m2_ultra:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:m3:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:m3_max:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:m3_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:m3_ultra:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:m4:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:m4_max:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:m4_pro:-:*:*:*:*:*:*:*

EPSS

Процентиль: 43%
0.00207
Низкий

8.8 High

CVSS3

Дефекты

CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2024-11691

CVSS3: 8.8
ubuntu
около 1 года назад

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

redhat логотип

CVE-2024-11691

CVSS3: 8.2
redhat
около 1 года назад

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

debian логотип

CVE-2024-11691

CVSS3: 8.8
debian
около 1 года назад

Certain WebGL operations on Apple silicon M series devices could have ...

github логотип

GHSA-53mx-8hhc-gmp3

CVSS3: 8.8
github
около 1 года назад

An attacker could have caused memory corruption due to a flaw in Apple's GPU driver; this can be avoided by working around the flaw. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.

fstec логотип

BDU:2024-10453

CVSS3: 8.8
fstec
около 1 года назад

Уязвимость компонента Apple GPU Driver браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 43%
0.00207
Низкий

8.8 High

CVSS3

Дефекты

CWE-787