CVE-2026-0891 — Vulnetix

CVE-2026-0891 PUBLISHED

EPSS 0.03% · 8.7th percentile

Risk Scores

EPSS Score

0.03%

8.7th percentile

Affected Products

Vendor	Product	Versions
Amazon	firefox
Amazon	thunderbird

Exploit Intelligence

CIRCL seen: CVE-2026-0891 (circl-sighting)
CIRCL seen: CVE-2026-0891 (circl-sighting)
CIRCL seen: CVE-2026-0891 (circl-sighting)
CIRCL seen: CVE-2026-0891 (circl-sighting)
CIRCL seen: CVE-2026-0891 (circl-sighting)
CIRCL seen: CVE-2026-0891 (circl-sighting)
Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 (circl)
https://www.mozilla.org/security/advisories/mfsa2026-01/ (circl)
https://www.mozilla.org/security/advisories/mfsa2026-03/ (circl)
https://www.mozilla.org/security/advisories/mfsa2026-04/ (circl)

…and 37 more exploits

Timeline

Jan 13, 2026 CVE Published
Jan 13, 2026 PoC Published
Jan 13, 2026 PoC Published
Jan 14, 2026 EPSS Score
Jan 14, 2026 PoC Published
Jan 14, 2026 PoC Published
Jan 15, 2026 PoC Published
Jan 15, 2026 PoC Published
Jan 17, 2026 EPSS Score
Jan 20, 2026 EPSS Score
Jan 23, 2026 EPSS Score
Jan 26, 2026 EPSS Score

References

ALAS2-2026-3167: thunderbird (important) advisory
ALAS2FIREFOX-2026-050: firefox (important) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›