CVE-2024-11691

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 133 Firefox ESR versions prior to 128.5 Firefox ESR versions prior to 115.18 Thunderbird versions prior to 133 Thunderbird versions prior to 128.5 Thunderbird versions prior to 115.18

Description: A flaw in Apple's GPU driver could have led to an out-of-bounds write and memory corruption due to certain WebGL operations on Apple silicon M series devices. This issue only affected applications on Apple M series hardware, with other platforms being unaffected. The vulnerability can be exploited by a remote attacker to execute arbitrary code.

Recommendations: For Firefox versions prior to 133, update to version 133 or later. For Firefox ESR versions prior to 128.5, update to version 128.5 or later. For Firefox ESR versions prior to 115.18, update to version 115.18 or later. For Thunderbird versions prior to 133, update to version 133 or later. For Thunderbird versions prior to 128.5, update to version 128.5 or later. For Thunderbird versions prior to 115.18, update to version 115.18 or later. As a temporary workaround, consider disabling WebGL operations on Apple silicon M series devices until a patch is available.