Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.
2024-11-26T14:15:18.633
2025-06-24T16:58:50.323
Analyzed
CVSSv3.1: 8.8 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mozilla | firefox | < 115.18.0 | Yes |
| Application | mozilla | firefox | < 128.5.0 | Yes |
| Application | mozilla | firefox | < 133.0 | Yes |
| Application | mozilla | thunderbird | < 115.18.0 | Yes |
| Application | mozilla | thunderbird | < 128.5.0 | Yes |
| Application | mozilla | thunderbird | < 133.0 | Yes |
| Hardware | apple | m1 | - | No |
| Hardware | apple | m1_max | - | No |
| Hardware | apple | m1_pro | - | No |
| Hardware | apple | m1_ultra | - | No |
| Hardware | apple | m2 | - | No |
| Hardware | apple | m2_max | - | No |
| Hardware | apple | m2_pro | - | No |
| Hardware | apple | m2_ultra | - | No |
| Hardware | apple | m3 | - | No |
| Hardware | apple | m3_max | - | No |
| Hardware | apple | m3_pro | - | No |
| Hardware | apple | m3_ultra | - | No |
| Hardware | apple | m4 | - | No |
| Hardware | apple | m4_max | - | No |
| Hardware | apple | m4_pro | - | No |