Description
Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
Published: 2026-01-13
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Memory safety bugs in older versions of Mozilla Firefox and Thunderbird caused memory corruption, potentially enabling an attacker to execute arbitrary code. The vulnerabilities are identified as buffer overrun (CWE-119) and carry a CVSS score of 8.1, indicating a high impact if exploited.

Affected Systems

The affected products are Mozilla Firefox ESR 140.6, Firefox 146, Thunderbird ESR 140.6, and Thunderbird 146. These versions are no longer maintained and were superseded by Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird ESR 140.7, which contain the fixes.

Risk and Exploitability

The CVSS score reflects significant confidentiality, integrity, and availability risks. The EPSS score is below 1 %, suggesting the likelihood of active exploitation is low. It is not listed in the CISA KEV catalog. The attack vector is likely remote, with an attacker delivering crafted content (e.g., HTML, PDF, or other files) to the compromised browser or email client.

Generated by OpenCVE AI on April 15, 2026 at 15:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Mozilla Firefox to version 147 or later, or switch to Firefox ESR 140.7.
  • Update Mozilla Thunderbird to version 147 or later, or switch to Thunderbird ESR 140.7.
  • Enable automatic security updates in your operating system to ensure ongoing protection.

Generated by OpenCVE AI on April 15, 2026 at 15:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4439-1 firefox-esr security update
Debian DLA Debian DLA DLA-4442-1 thunderbird security update
Debian DSA Debian DSA DSA-6101-1 firefox-esr security update
Debian DSA Debian DSA DSA-6103-1 thunderbird security update
Ubuntu USN Ubuntu USN USN-7991-1 Thunderbird vulnerabilities
History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Thu, 22 Jan 2026 23:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*

Thu, 15 Jan 2026 09:45:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7. Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
References

Wed, 14 Jan 2026 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla firefox Esr
Mozilla thunderbird
Mozilla thunderbird Esr
Vendors & Products Mozilla
Mozilla firefox
Mozilla firefox Esr
Mozilla thunderbird
Mozilla thunderbird Esr

Wed, 14 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Tue, 13 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 13 Jan 2026 14:00:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7.
Title Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147
References

Subscriptions

Mozilla Firefox Firefox Esr Thunderbird Thunderbird Esr
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T13:52:10.334Z

Reserved: 2026-01-13T13:30:59.286Z

Link: CVE-2026-0891

cve-icon Vulnrichment

Updated: 2026-01-13T14:33:02.676Z

cve-icon NVD

Status : Modified

Published: 2026-01-13T14:16:39.627

Modified: 2026-04-13T15:17:18.613

Link: CVE-2026-0891

cve-icon Redhat

Severity : Important

Publid Date: 2026-01-13T13:30:59Z

Links: CVE-2026-0891 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T18:15:10Z

Weaknesses