PT-2024-5884 · Apple+7 · Apple Macos+9

Pwn2Car

·

Published

2024-07-09

·

Updated

2024-12-27

·

CVE-2024-6600

CVSS v2.0

6.4

Medium

VectorAV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 128 Mozilla Firefox ESR versions prior to 115.13 Mozilla Thunderbird versions prior to 115.13 Mozilla Thunderbird versions prior to 128
Description The issue is related to an out-of-bounds access in Angle for GLSL shaders due to large allocation checks being too lenient. This could occur when allocating more than 8192 ints in private shader memory on Mac OS, potentially allowing a remote attacker to impact system performance.
Recommendations For Mozilla Firefox versions prior to 128, update to version 128 or later. For Mozilla Firefox ESR versions prior to 115.13, update to version 115.13 or later. For Mozilla Thunderbird versions prior to 115.13, update to version 115.13 or later. For Mozilla Thunderbird versions prior to 128, update to version 128 or later.

Exploit

Fix

Out of bounds Read

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-770

Related Identifiers

ALT-PU-2024-13895
ALT-PU-2024-13897
ALT-PU-2024-13898
ALT-PU-2024-14780
ALT-PU-2024-14892
ALT-PU-2024-15087
ALT-PU-2024-15175
ALT-PU-2024-15839
ALT-PU-2024-15840
ALT-PU-2024-15841
BDU:2024-06677
CVE-2024-6600
MGASA-2024-0269
MGASA-2024-0274
OPENSUSE-SU-2024:14189-1
OPENSUSE-SU-2024:14197-1
OPENSUSE-SU-2024:14572-1
OPENSUSE-SU-2024_3003-1
OPENSUSE-SU-2024_3507-1
SUSE-SU-2024:2371-1
SUSE-SU-2024:2399-1
SUSE-SU-2024:2790-1
SUSE-SU-2024:2876-1
SUSE-SU-2024:3003-1
SUSE-SU-2024:3507-1
SUSE-SU-2024_2790-1
SUSE-SU-2024_2876-1
SUSE-SU-2024_3003-1
SUSE-SU-2024_3507-1
USN-6903-1

Affected Products

Alt Linux
Angle
Linuxmint
Apple Macos
Firefox
Firefox Esr
Thunderbird
Red Os
Suse
Ubuntu