You can only download firmware if you have a service contract. The version you're running is no longer maintained and it is quite likely the issue affects that branch.
I don't think you understand the seriousness of the vulnerability so I will highlight the relevant description of the problem.
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) which could be leveraged to perform Remote Code Execution (RCE) and take control of the device.
This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled.
The problem is not only bad actors accessing your network but using your device as a springboard to do harm to others.
JunOS's Dynamic VPN on these older devices is getting long in the tooth anyway because it's IPSec only and the Pulse Secure client for mobile only supports SSL. It would be better if you deploy OpenVPN or some other VPN software and turn off HTTP/HTTPS on your internet-facing port. I understand newer versions of JunOS will support SSLVPN. It is best practice to put the management port of the SRX in an allowed list on your internal facing network, too.