Red Hat Security Advisory: firefox security update
Red Hat has issued a security advisory for Firefox, upgrading it to version 115.10.0 ESR to address multiple vulnerabilities. The fixes resolve issues including incorrect JIT compilation leading to use-after-free, out-of-bounds reads, integer overflow in the OpenType sanitizer, permission prompt input delays, and memory safety bugs. These vulnerabilities affect Red Hat Enterprise Linux 7 variants and related products. The update is rated as important by Red Hat and requires restarting Firefox after installation.
AI Analysis
Technical Summary
This advisory addresses several security vulnerabilities in Mozilla Firefox as packaged by Red Hat for Enterprise Linux 7. The update to Firefox ESR 115.10.0 fixes multiple issues: CVE-2024-3852 (JIT GetBoundName returning wrong object), CVE-2024-3854 (out-of-bounds read from mis-optimized switch), CVE-2024-3857 (use-after-free from incorrect JITting of arguments during garbage collection), CVE-2024-2609 (permission prompt input delay expiration when not in focus), CVE-2024-3859 (integer overflow causing out-of-bounds read in OpenType sanitizer), CVE-2024-3861 (potential use-after-free due to AlignedBuffer self-move), and CVE-2024-3864 (memory safety bug). These fixes mitigate memory safety and logic errors that could impact browser stability and security. The update is available for multiple Red Hat Enterprise Linux 7 architectures and variants.
Potential Impact
The vulnerabilities fixed include memory safety issues such as use-after-free and out-of-bounds reads, which could lead to crashes or potentially exploitable conditions. The permission prompt input delay flaw could affect user interaction security. While no known exploits in the wild have been reported, the issues collectively pose a high security risk if unpatched, potentially allowing attackers to compromise browser integrity or user security.
Mitigation Recommendations
Red Hat has released an official security update upgrading Firefox to version 115.10.0 ESR for Red Hat Enterprise Linux 7 and related products. Applying this update and restarting Firefox fully mitigates the addressed vulnerabilities. Users should follow Red Hat's update instructions at https://access.redhat.com/articles/11258 to ensure their systems are protected.
Red Hat Security Advisory: firefox security update
Description
Red Hat has issued a security advisory for Firefox, upgrading it to version 115.10.0 ESR to address multiple vulnerabilities. The fixes resolve issues including incorrect JIT compilation leading to use-after-free, out-of-bounds reads, integer overflow in the OpenType sanitizer, permission prompt input delays, and memory safety bugs. These vulnerabilities affect Red Hat Enterprise Linux 7 variants and related products. The update is rated as important by Red Hat and requires restarting Firefox after installation.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory addresses several security vulnerabilities in Mozilla Firefox as packaged by Red Hat for Enterprise Linux 7. The update to Firefox ESR 115.10.0 fixes multiple issues: CVE-2024-3852 (JIT GetBoundName returning wrong object), CVE-2024-3854 (out-of-bounds read from mis-optimized switch), CVE-2024-3857 (use-after-free from incorrect JITting of arguments during garbage collection), CVE-2024-2609 (permission prompt input delay expiration when not in focus), CVE-2024-3859 (integer overflow causing out-of-bounds read in OpenType sanitizer), CVE-2024-3861 (potential use-after-free due to AlignedBuffer self-move), and CVE-2024-3864 (memory safety bug). These fixes mitigate memory safety and logic errors that could impact browser stability and security. The update is available for multiple Red Hat Enterprise Linux 7 architectures and variants.
Potential Impact
The vulnerabilities fixed include memory safety issues such as use-after-free and out-of-bounds reads, which could lead to crashes or potentially exploitable conditions. The permission prompt input delay flaw could affect user interaction security. While no known exploits in the wild have been reported, the issues collectively pose a high security risk if unpatched, potentially allowing attackers to compromise browser integrity or user security.
Mitigation Recommendations
Red Hat has released an official security update upgrading Firefox to version 115.10.0 ESR for Red Hat Enterprise Linux 7 and related products. Applying this update and restarting Firefox fully mitigates the addressed vulnerabilities. Users should follow Red Hat's update instructions at https://access.redhat.com/articles/11258 to ensure their systems are protected.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:1910
- Cve Count
- 8
- Additional Cves
- ["CVE-2024-3302","CVE-2024-3852","CVE-2024-3854","CVE-2024-3857","CVE-2024-3859","CVE-2024-3861","CVE-2024-3864"]
- Cvss Version
- null
Threat ID: 6a3da1fa4853345fc1835779
Added to database: 06/25/2026, 21:47:38 UTC
Last enriched: 06/25/2026, 22:51:42 UTC
Last updated: 06/26/2026, 01:00:49 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.