This Red Hat security advisory addresses multiple vulnerabilities in Mozilla Firefox by upgrading to version 115.11.0 ESR. The fixed issues include CVE-2024-4367 (arbitrary JavaScript execution in PDF.js), CVE-2024-4767 (IndexedDB files retained in private browsing mode), CVE-2024-4768 (permissions request bypass via clickjacking), CVE-2024-4769 (cross-origin response content-type distinction), CVE-2024-4770 (use-after-free when printing to PDF), and CVE-2024-4777 (memory safety bugs). These vulnerabilities affect Firefox on Red Hat Enterprise Linux 9.2 Extended Update Support and related platforms. The advisory does not provide CVSS scores but classifies the update as Important. No known exploits in the wild are reported. The update is available through Red Hat errata RHSA-2024:2906.

The vulnerabilities fixed include arbitrary code execution via PDF.js, privacy issues with IndexedDB in private browsing, bypass of permissions requests through clickjacking, information disclosure via cross-origin response content-type differentiation, use-after-free memory corruption when printing PDFs, and other memory safety bugs. These issues could potentially allow attackers to execute arbitrary JavaScript, bypass security prompts, or cause memory corruption, impacting browser security and user privacy. The advisory rates the overall security impact as Important but does not report active exploitation.

A security update to Firefox version 115.11.0 ESR is available from Red Hat for affected Red Hat Enterprise Linux 9.2 Extended Update Support and related variants. Users should apply this update promptly following Red Hat's official guidance at https://access.redhat.com/articles/11258. All previously released errata relevant to the system should be applied before updating. No additional mitigation steps are indicated by the vendor advisory.