CRITICAL🇵🇱 Wersja polska

CVE-2025-8028

CVSS 9.8v3.1pub. 2025-07-22upd. 2026-04-13

On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

🤖 AI Analysis
How it works

The `br_table` instruction in WebAssembly (WASM) handles jumps to multiple labels. On the arm64 platform, the JIT compiler generates machine code in which the target label may be located too far from the jump instruction, exceeding the range allowed by the architecture. This causes truncation — address truncation — and as a result, an incorrect branch address calculation. An incorrectly determined jump address can lead to execution of unintended code or corruption of the runtime environment's memory state.

Impact

An attacker can cause unpredictable code execution in the context of the browser or mail client, which with the vulnerability classified as CWE-1332 (insufficient processor instruction safeguards) poses a risk of breach of confidentiality, integrity, and system availability.

Mitigation & patch

Software must be updated to versions: Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, or Thunderbird 140.1. Details are available in Mozilla security advisories (MFSA2025-56, MFSA2025-57, MFSA2025-58, MFSA2025-59).

Who is affected

Mozilla Firefox before version 141, Firefox ESR before versions 115.26, 128.13, and 140.1, Mozilla Thunderbird before version 141, Thunderbird before versions 128.13 and 140.1 — only on devices with arm64 architecture.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mozilla Firefox

    APP
    Mozilla
    < 115.26.0< 141.0128.0 – 128.13.0 (bez)140.0 – 140.1.0 (bez)
  • Mozilla Thunderbird

    APP
    Mozilla
    < 128.13.0< 141.0140.0 – 140.1.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-9680CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Use-after-free w Animation timelines Firefox/Thunderbird — RCE

CVE-2022-26486CRITICAL9.6⚠ KEVten sam produkt

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...

CVE-2019-11708CRITICAL10.0⚠ KEVten sam produkt

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...

CVE-2010-3765CRITICAL9.8⚠ KEVten sam produkt

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...

CVE-2026-14241CRITICAL9.8ten sam produkt

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...