PT-2025-30477 · Mozilla+10 · Firefox+12

Gary Kwong

Published

2025-07-22

Updated

2026-02-11

CVE-2025-8028

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 141 Firefox ESR versions prior to 115.26 Firefox ESR versions prior to 128.13 Firefox ESR versions prior to 140.1 Thunderbird versions prior to 141 Thunderbird versions prior to 128.13 Thunderbird versions prior to 140.1

Description On arm64 architecture, a WebAssembly (WASM) br table instruction with a large number of entries could result in the label being truncated due to its distance from the instruction. This truncation leads to an incorrect calculation of the branch address.

Recommendations Update Firefox to version 141 or later. Update Firefox ESR to version 115.26 or later. Update Firefox ESR to version 128.13 or later. Update Firefox ESR to version 140.1 or later. Update Thunderbird to version 141 or later. Update Thunderbird to version 128.13 or later. Update Thunderbird to version 140.1 or later.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-1332

Related Identifiers

ALSA-2025:11747

ALSA-2025:11748

ALSA-2025:11797

ALSA-2025:12187

ALSA-2025:12188

ALSA-2025:13676

ALT-PU-2025-10124

ALT-PU-2025-10542

ALT-PU-2025-11100

ALT-PU-2025-11495

ALT-PU-2025-11497

ALT-PU-2025-14599

ALT-PU-2025-9988

BDU:2025-08995

CESA-2025_11747

CESA-2025_13676

CVE-2025-8028

DLA-4250-1

DLA-4253-1

DSA-5964-1

DSA-5966-1

INFSA-2025_11747

INFSA-2025_11748

INFSA-2025_12187

INFSA-2025_13676

MGASA-2025-0227

MGASA-2025-0228

OESA-2025-1933

OESA-2025-1934

OESA-2025-1935

OESA-2025-1936

OESA-2025-1937

OESA-2025-2099

OPENSUSE-SU-2025-20135-1

OPENSUSE-SU-2025:15371-1

OPENSUSE-SU-2025:15383-1

OPENSUSE-SU-2025:15386-1

OPENSUSE-SU-2025:15387-1

OPENSUSE-SU-2025:20135-1

RHSA-2025:11747

RHSA-2025:11748

RHSA-2025:11797

RHSA-2025:12044

RHSA-2025:12045

RHSA-2025:12046

RHSA-2025:12187

RHSA-2025:12188

RHSA-2025:12278

RHSA-2025:12302

RHSA-2025:12353

RHSA-2025:12360

RHSA-2025:12361

RHSA-2025:13645

RHSA-2025:13646

RHSA-2025:13647

RHSA-2025:13648

RHSA-2025:13649

RHSA-2025:13650

RHSA-2025:13651

RHSA-2025:13676

RHSA-2025_11747

RHSA-2025_11748

RHSA-2025_12187

RHSA-2025_13676

SUSE-SU-2025:02529-1

SUSE-SU-2025:02531-1

SUSE-SU-2025:02546-1

SUSE-SU-2025:21170-1

SUSE-SU-2025_02529-1

SUSE-SU-2025_02531-1

USN-7991-1

Affected Products

Alt Linux

Almalinux

Centos

Debian

Firefox

Firefox Esr

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2025-30477 · Mozilla+10 · Firefox+12

CVE-2025-8028

Weakness Enumeration

Related Identifiers

Affected Products

References · 300