PT-2026-2653 · Mozilla+3 · Firefox+6

Edgar Chen

·

Published

2026-01-13

·

Updated

2026-03-18

·

CVE-2026-0891

CVSS v3.1

8.1

High

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 147 Thunderbird versions prior to 147 Firefox ESR versions prior to 140.7 Thunderbird ESR versions prior to 140.7
Description The software contains memory safety bugs that could potentially lead to arbitrary code execution. Some of these bugs exhibited evidence of memory corruption.
Recommendations Update Firefox to version 147 or later. Update Thunderbird to version 147 or later. Update Firefox ESR to version 140.7 or later. Update Thunderbird ESR to version 140.7 or later.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALSA-2026:0667
ALSA-2026:0694
ALSA-2026:0924
ALSA-2026:2220
ALSA-2026:2271
ALSA-2026:2286
BDU:2026-00525
CVE-2026-0891
MGASA-2026-0013
MGASA-2026-0014
OESA-2026-1085
OESA-2026-1086
OESA-2026-1087
OESA-2026-1088
OESA-2026-1089
OESA-2026-1090
OESA-2026-1264
OESA-2026-1285
OPENSUSE-SU-2026:10037-1
OPENSUSE-SU-2026:10046-1
OPENSUSE-SU-2026:10058-1
OPENSUSE-SU-2026:20041-1
OPENSUSE-SU-2026:20391-1
RHSA-2026:0667
RHSA-2026:0694
RHSA-2026:0924
RHSA-2026:1320
RHSA-2026:1413
RHSA-2026:1414
RHSA-2026:1415
RHSA-2026:1461
RHSA-2026:1462
RHSA-2026:1471
RHSA-2026:1487
RHSA-2026:2041
RHSA-2026:2043
RHSA-2026:2044
RHSA-2026:2047
RHSA-2026:2069
RHSA-2026:2070
RHSA-2026:2073
RHSA-2026:2074
RHSA-2026:2220
RHSA-2026:2231
RHSA-2026:2271
RHSA-2026:2286
SUSE-SU-2026:0122-1
SUSE-SU-2026:0153-1
SUSE-SU-2026:0260-1
SUSE-SU-2026:20086-1
USN-7991-1

Affected Products

Firefox
Firefox Esr
Linuxmint
Rocky Linux
Thunderbird
Thunderbird Esr
Ubuntu