Description
Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
References (31)
Core 31
Core References
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-01/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-03/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-04/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-05/
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:0667
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:0694
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:0924
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1320
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1413
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1414
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1415
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1461
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1462
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1471
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1487
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2041
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2043
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2044
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2047
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2069
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2070
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2073
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2074
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2220
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2231
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2271
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2286
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-0891
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2428963
Scores
CVSS v3
8.1
EPSS
0.0041
EPSS Percentile
33.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-119
Status
published
Products (8)
mozilla/firefox
< 140.7.0
mozilla/firefox
< 147.0
Mozilla/Firefox
140.7 - 140.*
Mozilla/Firefox
147
mozilla/thunderbird
< 140.7.0
mozilla/thunderbird
< 147.0
Mozilla/Thunderbird
140.7 - 140.*
Mozilla/Thunderbird
147
Published
Jan 13, 2026
Tracked Since
Feb 18, 2026