This Red Hat security advisory addresses six distinct vulnerabilities in Mozilla Firefox, fixed by upgrading to Firefox ESR 115.11.0. The vulnerabilities include CVE-2024-4367 (arbitrary JavaScript execution in PDF.js), CVE-2024-4767 (IndexedDB files retained in private browsing mode), CVE-2024-4768 (potential permissions request bypass via clickjacking), CVE-2024-4769 (cross-origin responses distinguishable by content-type), CVE-2024-4770 (use-after-free when printing to PDF), and CVE-2024-4777 (memory safety bugs). These fixes also apply to Firefox 126 and Thunderbird 115.11. Red Hat rates the update as important and recommends applying it on affected systems running Red Hat Enterprise Linux 8.2 AUS. No CVSS scores are provided in the advisory; users are directed to the CVE pages for detailed scoring.

Successful exploitation of these vulnerabilities could lead to arbitrary JavaScript execution, privacy breaches due to retained IndexedDB files in private browsing, bypass of permissions requests, information disclosure through cross-origin response content-type distinctions, use-after-free memory corruption potentially leading to crashes or code execution, and other memory safety issues. These impacts affect the confidentiality, integrity, and availability of the Firefox browser and potentially the underlying system when exploited.

A security update upgrading Firefox to version 115.11.0 ESR is available from Red Hat for Red Hat Enterprise Linux 8.2 AUS. Users should apply this update to remediate the listed vulnerabilities. Before applying this update, ensure all previously released errata relevant to the system have been applied. Refer to Red Hat's official update instructions at https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor advisory.