Arbitrary Memory Manipulation Flaw in Apple GPU Driver Affecting Mozilla Applications
CVE-2024-11691

Currently unrated

Key Information:

Vendor

Mozilla
Status
Firefox
Firefox Esr
Thunderbird
Vendor
CVE Published:
26 November 2024

What is CVE-2024-11691?

A flaw has been discovered in the GPU driver for Apple M series devices that can lead to arbitrary memory manipulation through certain WebGL operations. This vulnerability primarily affects Mozilla applications including Firefox and Thunderbird running on Apple silicon, permitting potentially malicious actors to exploit the memory corruption risk. Users of affected Firefox and Thunderbird versions should update to the latest releases to mitigate this risk and ensure their data remains secure. Other platforms remain unaffected by this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Firefox < 133

Firefox ESR < 128.5

Firefox ESR < 115.18

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1914707
https://bugzilla.mozilla.org/show_bug.cgi?id=1924184
https://www.mozilla.org/security/advisories/mfsa2024-63/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dohyun Lee (@l33d0hyun) of USELab, Korea University & Youngho Choi of CEL, Korea University & Geumhwan Cho of USELab, Korea University
JSON
.