CVE-2025-8028
BaseFortify
Publication date: 2025-07-22
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | From 60.9.0 (exc) |
| mozilla | firefox | From 60.9.0 (exc) |
| mozilla | firefox | From 60.9.0 (exc) |
| mozilla | firefox | From 60.9.0 (exc) |
| mozilla | thunderbird | to 140.0 (inc) |
| mozilla | thunderbird | to 140.0 (inc) |
| mozilla | thunderbird | to 140.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1332 | The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs on arm64 architectures when a WebAssembly (WASM) 'br_table' instruction contains many entries. The label for the branch can become too far from the instruction, causing truncation and incorrect calculation of the branch address. This can lead to unexpected behavior during execution.
How can this vulnerability impact me? :
The incorrect computation of the branch address due to this vulnerability could cause unexpected or incorrect program behavior in affected versions of Firefox and Thunderbird on arm64. This might lead to crashes or potentially exploitable conditions depending on how the incorrect branching is handled.