CVE-2025-8028 (GCVE-0-2025-8028)

Vulnerability from cvelistv5 – Published: 2025-07-22 20:49 – Updated: 2025-11-04 15:58
VLAI?
Summary
On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-1332 - Improper Handling of Faults that Lead to Instruction Skips
Assigner
References
Impacted products
Vendor Product Version
Mozilla Firefox Affected: unspecified , < 141 (custom)
Create a notification for this product.
    Mozilla Firefox ESR Affected: unspecified , < 115.26 (custom)
Create a notification for this product.
    Mozilla Firefox ESR Affected: unspecified , < 128.13 (custom)
Create a notification for this product.
    Mozilla Firefox ESR Affected: unspecified , < 140.1 (custom)
Create a notification for this product.
    Mozilla Thunderbird Affected: unspecified , < 141 (custom)
Create a notification for this product.
    Mozilla Thunderbird Affected: unspecified , < 128.13 (custom)
Create a notification for this product.
    Mozilla Thunderbird Affected: unspecified , < 140.1 (custom)
Create a notification for this product.
Credits
Gary Kwong
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8028",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T14:32:07.056857Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1332",
                "description": "CWE-1332 Improper Handling of Faults that Lead to Instruction Skips",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-04T15:58:24.124Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:07:45.506Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Gary Kwong"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "On arm64, a WASM \u003ccode\u003ebr_table\u003c/code\u003e instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T15:59:33.041Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971581"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ],
      "title": "Large branch table could lead to truncated instruction"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8028",
    "datePublished": "2025-07-22T20:49:24.592Z",
    "dateReserved": "2025-07-22T10:13:49.236Z",
    "dateUpdated": "2025-11-04T15:58:24.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-8028\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2025-07-22T21:15:49.953\",\"lastModified\":\"2025-11-03T20:19:21.360\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1.\"},{\"lang\":\"es\",\"value\":\"En arm64, una instrucci\u00f3n WASM `br_table` con muchas entradas podr\u00eda provocar que la etiqueta se alejara demasiado de la instrucci\u00f3n, lo que causar\u00eda truncamiento y un c\u00e1lculo incorrecto de la direcci\u00f3n de la rama. Esta vulnerabilidad afecta a Firefox \u0026lt; 141, Firefox ESR \u0026lt; 115.26, Firefox ESR \u0026lt; 128.13, Firefox ESR \u0026lt; 140.1, Thunderbird \u0026lt; 141, Thunderbird \u0026lt; 128.13 y Thunderbird \u0026lt; 140.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1332\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionEndExcluding\":\"115.26.0\",\"matchCriteriaId\":\"D697EDEE-5DF4-4FC2-8128-BC9DC23EFFF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"141.0\",\"matchCriteriaId\":\"8684A46E-D70A-4830-8971-A6DCC360F422\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionStartIncluding\":\"128.0\",\"versionEndExcluding\":\"128.13.0\",\"matchCriteriaId\":\"A621920F-5B71-403D-B8F9-EC22F249CD4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionStartIncluding\":\"140.0\",\"versionEndExcluding\":\"140.1.0\",\"matchCriteriaId\":\"BB48C2EF-A6AC-4445-9417-1B65D5BC509B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*\",\"versionEndExcluding\":\"128.13.0\",\"matchCriteriaId\":\"B9BB9B0C-2B49-44EA-9BED-241A8CE8794E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"141.0\",\"matchCriteriaId\":\"95D506DD-BD9B-4D90-802F-5BE673F1CF14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*\",\"versionStartIncluding\":\"140.0\",\"versionEndExcluding\":\"140.1.0\",\"matchCriteriaId\":\"8CE266C2-5AF1-4C57-9B7C-47039FF06384\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1971581\",\"source\":\"security@mozilla.org\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-56/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-57/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-58/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-59/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-61/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-62/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-63/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"Firefox\", \"vendor\": \"Mozilla\", \"versions\": [{\"lessThan\": \"141\", \"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\"}]}, {\"product\": \"Firefox ESR\", \"vendor\": \"Mozilla\", \"versions\": [{\"lessThan\": \"115.26\", \"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\"}]}, {\"product\": \"Firefox ESR\", \"vendor\": \"Mozilla\", \"versions\": [{\"lessThan\": \"128.13\", \"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\"}]}, {\"product\": \"Firefox ESR\", \"vendor\": \"Mozilla\", \"versions\": [{\"lessThan\": \"140.1\", \"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\"}]}, {\"product\": \"Thunderbird\", \"vendor\": \"Mozilla\", \"versions\": [{\"lessThan\": \"141\", \"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\"}]}, {\"product\": \"Thunderbird\", \"vendor\": \"Mozilla\", \"versions\": [{\"lessThan\": \"128.13\", \"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\"}]}, {\"product\": \"Thunderbird\", \"vendor\": \"Mozilla\", \"versions\": [{\"lessThan\": \"140.1\", \"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1.\", \"supportingMedia\": [{\"type\": \"text/html\", \"base64\": false, \"value\": \"On arm64, a WASM \u003ccode\u003ebr_table\u003c/code\u003e instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1.\"}]}], \"title\": \"Large branch table could lead to truncated instruction\", \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1971581\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-56/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-57/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-58/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-59/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-61/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-62/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-63/\"}], \"credits\": [{\"lang\": \"en\", \"value\": \"Gary Kwong\"}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2025-10-30T15:59:33.041Z\"}}, \"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:07:45.506Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-8028\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-23T14:32:07.056857Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1332\", \"description\": \"CWE-1332 Improper Handling of Faults that Lead to Instruction Skips\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-23T14:32:53.976Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-8028\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"mozilla\", \"dateReserved\": \"2025-07-22T10:13:49.236Z\", \"datePublished\": \"2025-07-22T20:49:24.592Z\", \"dateUpdated\": \"2025-11-04T15:58:24.124Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.