CVE-2025-8028 is a critical vulnerability affecting Mozilla Firefox and Thunderbird on arm64 architectures. The issue arises from the handling of WebAssembly (WASM) 'br_table' instructions that contain a large number of entries. Specifically, when the branch table is excessively large, the label that the instruction branches to may be located too far from the instruction itself. This distance causes the instruction to be truncated, leading to incorrect computation of the branch address. As a result, the program's control flow can be manipulated or corrupted. This vulnerability impacts Firefox versions prior to 141, and various Extended Support Release (ESR) versions prior to 115.26, 128.13, and 140.1, as well as Thunderbird versions prior to 141, 128.13, and 140.1. The vulnerability is classified under CWE-1332, which relates to improper handling of instruction truncation or branch target computation errors. The CVSS v3.1 base score is 9.8, indicating a critical severity level. The vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) shows that the vulnerability is remotely exploitable over the network without any privileges or user interaction, and it can lead to complete compromise of confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the potential for exploitation is high given the ease of triggering the vulnerability via crafted WASM content. The lack of patch links suggests that fixes may be forthcoming or pending deployment. This vulnerability could allow attackers to execute arbitrary code, cause crashes, or bypass security mechanisms by corrupting control flow within the browser or email client, posing a significant risk to users on affected platforms.

For European organizations, the impact of CVE-2025-8028 is substantial due to the widespread use of Firefox and Thunderbird in both enterprise and public sectors. Successful exploitation could lead to remote code execution, enabling attackers to gain unauthorized access to sensitive data, deploy malware, or disrupt services. This is particularly critical for organizations handling sensitive personal data under GDPR, as breaches could result in regulatory penalties and reputational damage. The vulnerability affects arm64 devices, which are increasingly common in mobile and server environments, expanding the attack surface. Since no user interaction or privileges are required, attackers could exploit this vulnerability through malicious web content or email attachments, making phishing campaigns and drive-by downloads effective attack vectors. The potential for complete compromise of confidentiality, integrity, and availability means that critical infrastructure, government agencies, financial institutions, and healthcare providers in Europe could be targeted, leading to data breaches, operational disruptions, and loss of trust.

European organizations should prioritize updating Firefox and Thunderbird to versions 141 or later, or the specified ESR versions that include the fix once available. Until patches are deployed, organizations should consider disabling or restricting WebAssembly execution in Firefox and Thunderbird, especially on arm64 devices, through browser policies or configuration settings. Network-level protections such as web filtering and email scanning should be enhanced to detect and block malicious WASM payloads or suspicious attachments. Employing endpoint detection and response (EDR) solutions that monitor for abnormal process behavior related to Firefox or Thunderbird can help identify exploitation attempts. Additionally, organizations should conduct user awareness training to recognize phishing attempts that might deliver malicious WASM content. For critical environments, consider isolating or sandboxing browsers and email clients to limit the impact of potential exploitation. Monitoring Mozilla security advisories and applying patches promptly upon release is essential to maintain protection against this vulnerability.