Red Hat Product Security released an advisory (RHSA-2024:2883) for Firefox ESR upgrading it to version 115.11.0 to fix six security vulnerabilities: CVE-2024-4367 (arbitrary JavaScript execution in PDF.js), CVE-2024-4767 (IndexedDB files retained in private browsing mode), CVE-2024-4768 (permissions request bypass via clickjacking), CVE-2024-4769 (cross-origin responses distinguishable by content-type), CVE-2024-4770 (use-after-free when printing to PDF), and CVE-2024-4777 (memory safety bugs). These vulnerabilities impact Firefox ESR on Red Hat Enterprise Linux 9 and related extended update support and lifecycle variants across multiple architectures. The advisory does not provide CVSS scores but rates the update as Important.

The vulnerabilities fixed include arbitrary JavaScript execution, privacy issues with IndexedDB in private browsing, bypass of permissions requests, information disclosure via cross-origin response content-type distinctions, use-after-free memory corruption, and other memory safety bugs. These could lead to unauthorized code execution, privacy violations, and potential application crashes. The update mitigates these risks by patching the affected components in Firefox ESR 115.11.0.

Red Hat has released an official security update upgrading Firefox ESR to version 115.11.0. Users and administrators should apply this update promptly to remediate the listed vulnerabilities. The update is available for Red Hat Enterprise Linux 9 and its Extended Update Support and Extended Life Cycle variants across supported architectures. Prior errata should be applied before this update. No additional mitigations are indicated by the vendor advisory.