Red Hat Security Advisory: firefox security update
Red Hat has issued a security advisory for Firefox, upgrading it to version 115.11.0 ESR to address multiple vulnerabilities. These include arbitrary JavaScript execution in PDF.js, retention of IndexedDB files in private browsing mode, permissions request bypass via clickjacking, cross-origin response content-type distinction, use-after-free when printing to PDF, and various memory safety bugs. The update fixes these issues to improve security and stability.
AI Analysis
Technical Summary
This Red Hat security advisory addresses several vulnerabilities in Mozilla Firefox, fixed by upgrading to Firefox ESR 115.11.0. The key issues include CVE-2024-4367 (arbitrary JavaScript execution in PDF.js), CVE-2024-4767 (IndexedDB files retained in private browsing mode), CVE-2024-4768 (permissions request bypass via clickjacking), CVE-2024-4769 (cross-origin response content-type distinction), CVE-2024-4770 (use-after-free when printing to PDF), and CVE-2024-4777 (memory safety bugs). These vulnerabilities affect Firefox as packaged for Red Hat Enterprise Linux 8.4 variants. The advisory rates the update as important and recommends applying the update to mitigate these issues.
Potential Impact
The vulnerabilities collectively could allow arbitrary JavaScript execution, privacy leaks via retained IndexedDB files in private browsing, bypass of permissions requests through clickjacking, information disclosure through cross-origin content-type distinctions, use-after-free memory corruption when printing PDFs, and other memory safety issues. These could lead to unauthorized code execution, privacy violations, or application crashes if exploited. No known exploits in the wild have been reported at the time of this advisory.
Mitigation Recommendations
A security update is available that upgrades Firefox to version 115.11.0 ESR, which addresses all listed vulnerabilities. Red Hat recommends applying this update promptly after ensuring all previous relevant errata are applied. Detailed update instructions are available at https://access.redhat.com/articles/11258. No additional mitigations are specified or required beyond applying the official update.
Red Hat Security Advisory: firefox security update
Description
Red Hat has issued a security advisory for Firefox, upgrading it to version 115.11.0 ESR to address multiple vulnerabilities. These include arbitrary JavaScript execution in PDF.js, retention of IndexedDB files in private browsing mode, permissions request bypass via clickjacking, cross-origin response content-type distinction, use-after-free when printing to PDF, and various memory safety bugs. The update fixes these issues to improve security and stability.
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This Red Hat security advisory addresses several vulnerabilities in Mozilla Firefox, fixed by upgrading to Firefox ESR 115.11.0. The key issues include CVE-2024-4367 (arbitrary JavaScript execution in PDF.js), CVE-2024-4767 (IndexedDB files retained in private browsing mode), CVE-2024-4768 (permissions request bypass via clickjacking), CVE-2024-4769 (cross-origin response content-type distinction), CVE-2024-4770 (use-after-free when printing to PDF), and CVE-2024-4777 (memory safety bugs). These vulnerabilities affect Firefox as packaged for Red Hat Enterprise Linux 8.4 variants. The advisory rates the update as important and recommends applying the update to mitigate these issues.
Potential Impact
The vulnerabilities collectively could allow arbitrary JavaScript execution, privacy leaks via retained IndexedDB files in private browsing, bypass of permissions requests through clickjacking, information disclosure through cross-origin content-type distinctions, use-after-free memory corruption when printing PDFs, and other memory safety issues. These could lead to unauthorized code execution, privacy violations, or application crashes if exploited. No known exploits in the wild have been reported at the time of this advisory.
Mitigation Recommendations
A security update is available that upgrades Firefox to version 115.11.0 ESR, which addresses all listed vulnerabilities. Red Hat recommends applying this update promptly after ensuring all previous relevant errata are applied. Detailed update instructions are available at https://access.redhat.com/articles/11258. No additional mitigations are specified or required beyond applying the official update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:2886
- Cve Count
- 6
- Additional Cves
- ["CVE-2024-4767","CVE-2024-4768","CVE-2024-4769","CVE-2024-4770","CVE-2024-4777"]
- Cvss Version
- null
Threat ID: 6a3aab57eed863c81e3a4543
Added to database: 06/23/2026, 15:50:47 UTC
Last enriched: 06/23/2026, 15:54:33 UTC
Last updated: 06/23/2026, 17:08:59 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.