CVE-2024-6600
Published: 9 July 2024
Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
Notes
Author | Note |
---|---|
tyhicks |
mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur |
starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap starting with Ubuntu 24.04, the thunderbird package is just a script that installs the Thunderbird snap |
Priority
Status
Package | Release | Status |
---|---|---|
firefox
Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(macos only)
|
jammy |
Not vulnerable
(code not present)
|
|
mantic |
Not vulnerable
(code not present)
|
|
noble |
Not vulnerable
(code not present)
|
|
upstream |
Not vulnerable
(debian: Only affects Firefox on MacOS)
|
|
thunderbird
Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(macos only)
|
jammy |
Not vulnerable
(macos only)
|
|
mantic |
Ignored
(end of life, was needed)
|
|
noble |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|
References
- https://www.cve.org/CVERecord?id=CVE-2024-6600
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6600
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6600
- https://bugzilla.mozilla.org/show_bug.cgi?id=1888340
- https://www.mozilla.org/security/advisories/mfsa2024-29/
- https://www.mozilla.org/security/advisories/mfsa2024-30/
- NVD
- Launchpad
- Debian