ГлавнаяУязвимости → CVE-2024-11691
8.8высокая

CVE-2024-11691

→ есть в БДУ: BDU:2024-10453 (на русском)
Описание (на английском; русское — в БДУ выше)

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

Затрагиваемое ПО
Mozilla FirefoxMozilla ThunderbirdApple M1Apple M1 maxApple M1 proApple M1 ultraApple M2Apple M2 maxApple M2 proApple M2 ultraApple M3Apple M3 maxApple M3 proApple M3 ultraApple M4Apple M4 maxApple M4 pro
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://bugzilla.mozilla.org/show_bug.cgi?id=1914707https://bugzilla.mozilla.org/show_bug.cgi?id=1924184https://www.mozilla.org/security/advisories/mfsa2024-63/https://www.mozilla.org/security/advisories/mfsa2024-64/https://www.mozilla.org/security/advisories/mfsa2024-65/https://www.mozilla.org/security/advisories/mfsa2024-67/https://www.mozilla.org/security/advisories/mfsa2024-68/https://www.mozilla.org/security/advisories/mfsa2024-70/