一、漏洞信息

漏洞编号：[CVE-2025-8028](https://nvd.nist.gov/vuln/detail/CVE-2025-8028)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

CVSS V3.0分值：

BaseScore：N/A None

Vector：CVSS：3.0/

漏洞简述：

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-8028

<details>

<summary>更多参考(点击展开)</summary>

1.master(128.12.0):

2.openEuler-20.03-LTS-SP4(79.0):

3.openEuler-22.03-LTS-SP3(128.12.0):

4.openEuler-22.03-LTS-SP4(128.12.0):

5.openEuler-24.03-LTS(128.12.0):

6.openEuler-24.03-LTS-Next(128.12.0):

7.openEuler-24.03-LTS-SP1(128.12.0):

8.openEuler-24.03-LTS-SP2(128.12.0):

1.master(128.12.0):

2.openEuler-20.03-LTS-SP4(79.0):

3.openEuler-22.03-LTS-SP3(128.12.0):

4.openEuler-22.03-LTS-SP4(128.12.0):

5.openEuler-24.03-LTS(128.12.0):

6.openEuler-24.03-LTS-Next(128.12.0):

7.openEuler-24.03-LTS-SP1(128.12.0):

8.openEuler-24.03-LTS-SP2(128.12.0):

一、漏洞信息

漏洞编号：[CVE-2025-8028](https://nvd.nist.gov/vuln/detail/CVE-2025-8028)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：102.14.0,102.15.0,102.8.0,115.15.0,128.8.0,62.0.3,79.0

CVSS V3.0分值：

漏洞简述：

漏洞公开时间：2025-07-23 05:15:49

漏洞创建时间：2025-07-23 01:46:52

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-8028

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| | https://bugzilla.mozilla.org/show_bug.cgi?id=1971581 | |

| | https://www.mozilla.org/security/advisories/mfsa2025-56/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-57/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-58/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-59/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-61/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-62/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-63/ | |

一、漏洞信息

漏洞编号：[CVE-2025-8028](https://nvd.nist.gov/vuln/detail/CVE-2025-8028)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：102.14.0,102.15.0,102.8.0,115.15.0,128.8.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：9.8 Critical

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

漏洞简述：

漏洞公开时间：2025-07-23 05:15:49

漏洞创建时间：2025-07-23 01:46:52

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-8028

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| | https://bugzilla.mozilla.org/show_bug.cgi?id=1971581 | |

| | https://www.mozilla.org/security/advisories/mfsa2025-56/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-57/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-58/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-59/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-61/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-62/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-63/ | |

| | https://security-tracker.debian.org/tracker/CVE-2025-8028 | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

其他

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：

1.master(128.12.0):

2.openEuler-20.03-LTS-SP4(79.0):

3.openEuler-22.03-LTS-SP3(128.12.0):

4.openEuler-22.03-LTS-SP4(128.12.0):

5.openEuler-24.03-LTS(128.12.0):

6.openEuler-24.03-LTS-Next(128.12.0):

7.openEuler-24.03-LTS-SP1(128.12.0):

8.openEuler-24.03-LTS-SP2(128.12.0):

修复是否涉及abi变化(是/否)：

1.master(128.12.0):

2.openEuler-20.03-LTS-SP4(79.0):

3.openEuler-22.03-LTS-SP3(128.12.0):

4.openEuler-22.03-LTS-SP4(128.12.0):

5.openEuler-24.03-LTS(128.12.0):

6.openEuler-24.03-LTS-Next(128.12.0):

7.openEuler-24.03-LTS-SP1(128.12.0):

8.openEuler-24.03-LTS-SP2(128.12.0):

原因说明：

1.master(128.12.0):

2.openEuler-20.03-LTS-SP4(79.0):

3.openEuler-22.03-LTS-SP3(128.12.0):

4.openEuler-22.03-LTS-SP4(128.12.0):

5.openEuler-24.03-LTS(128.12.0):

6.openEuler-24.03-LTS-Next(128.12.0):

7.openEuler-24.03-LTS-SP1(128.12.0):

8.openEuler-24.03-LTS-SP2(128.12.0):

一、漏洞信息

漏洞编号：[CVE-2025-8028](https://nvd.nist.gov/vuln/detail/CVE-2025-8028)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：102.14.0,102.15.0,102.8.0,115.15.0,128.8.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：9.8 Critical

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

漏洞简述：

On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

漏洞公开时间：2025-07-23 05:15:49

漏洞创建时间：2025-07-23 01:46:52

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-8028

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| | https://bugzilla.mozilla.org/show_bug.cgi?id=1971581 | |

| | https://www.mozilla.org/security/advisories/mfsa2025-56/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-57/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-58/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-59/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-61/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-62/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-63/ | |

| | https://security-tracker.debian.org/tracker/CVE-2025-8028 | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

其他

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

一、漏洞信息

漏洞编号：[CVE-2025-8028](https://nvd.nist.gov/vuln/detail/CVE-2025-8028)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：102.14.0,102.15.0,102.8.0,115.15.0,128.8.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：9.8 Critical

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

漏洞简述：

漏洞公开时间：2025-07-23 05:15:49

漏洞创建时间：2025-07-23 01:46:52

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-8028

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| | https://bugzilla.mozilla.org/show_bug.cgi?id=1971581 | |

| | https://www.mozilla.org/security/advisories/mfsa2025-56/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-57/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-58/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-59/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-61/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-62/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-63/ | |

一、漏洞信息

漏洞编号：[CVE-2025-8028](https://nvd.nist.gov/vuln/detail/CVE-2025-8028)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：102.14.0,102.15.0,102.8.0,115.15.0,128.8.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：9.8 Critical

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

漏洞简述：

A vulnerability was found in Mozilla Firefox up to 140 on ARM64 (Web Browser). It has been declared as critical.The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.As an impact it is known to affect confidentiality, integrity, and availability.Upgrading to version 141 eliminates this vulnerability.

漏洞公开时间：2025-07-23 05:15:49

漏洞创建时间：2025-07-23 01:46:52

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-8028

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| | https://bugzilla.mozilla.org/show_bug.cgi?id=1971581 | |

| | https://www.mozilla.org/security/advisories/mfsa2025-56/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-57/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-58/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-59/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-61/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-62/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-63/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-56/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-57/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-58/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-59/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-61/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-62/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-63/ | |

| | https://bugzilla.mozilla.org/show_bug.cgi?id=1971581 | |

| | https://security-tracker.debian.org/tracker/CVE-2025-8028 | |

| | https://ubuntu.com/security/CVE-2025-8028 | |

| | https://www.cve.org/CVERecord?id=CVE-2025-8028 | |

| | https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8028 | |

| | https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8028 | |

| | https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8028 | |

| | https://bugzilla.mozilla.org/show_bug.cgi?id=1971581 | |

| | https://www.mozilla.org/security/advisories/mfsa2025-56/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-57/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-58/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-59/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-61/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-62/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-63/ | |

| | https://bugzilla.mozilla.org/show_bug.cgi?id=1971581 | |

| | https://www.mozilla.org/security/advisories/mfsa2025-56/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-57/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-58/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-59/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-61/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-62/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-63/ | |

| | https://nvd.nist.gov/vuln/detail/CVE-2025-8028 | |

一、漏洞信息

漏洞编号：[CVE-2025-8028](https://nvd.nist.gov/vuln/detail/CVE-2025-8028)

漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)

漏洞归属的版本：102.14.0,102.15.0,102.8.0,115.15.0,128.8.0,62.0.3,79.0

CVSS V3.0分值：

BaseScore：9.8 Critical

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

漏洞简述：

A vulnerability was found in Mozilla Firefox up to 140 on ARM64 (Web Browser). It has been declared as critical.The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.As an impact it is known to affect confidentiality, integrity, and availability.Upgrading to version 141 eliminates this vulnerability.

漏洞公开时间：2025-07-23 05:15:49

漏洞创建时间：2025-07-23 01:46:52

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-8028

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| | https://bugzilla.mozilla.org/show_bug.cgi?id=1971581 | |

| | https://www.mozilla.org/security/advisories/mfsa2025-56/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-57/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-58/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-59/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-61/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-62/ | |

| | https://www.mozilla.org/security/advisories/mfsa2025-63/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

其他

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

该漏洞通过升级128.13.0版本修复 https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/

openEuler评分：

9.8

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

受影响版本排查(受影响/不受影响)：

1.master(128.12.0):受影响

2.openEuler-20.03-LTS-SP4(79.0):受影响

3.openEuler-22.03-LTS-SP3(128.12.0):受影响

4.openEuler-22.03-LTS-SP4(128.12.0):受影响

5.openEuler-24.03-LTS(128.12.0):受影响

6.openEuler-24.03-LTS-Next(128.12.0):受影响

7.openEuler-24.03-LTS-SP1(128.12.0):受影响

8.openEuler-24.03-LTS-SP2(128.12.0):受影响

修复是否涉及abi变化(是/否)：

1.master(128.12.0):否

2.openEuler-20.03-LTS-SP4(79.0):否

3.openEuler-22.03-LTS-SP3(128.12.0):否

4.openEuler-24.03-LTS(128.12.0):否

5.openEuler-24.03-LTS-Next(128.12.0):否

6.openEuler-22.03-LTS-SP4(128.12.0):否

7.openEuler-24.03-LTS-SP1(128.12.0):否

8.openEuler-24.03-LTS-SP2(128.12.0):否

原因说明：

1.master(128.12.0):正常修复

2.openEuler-22.03-LTS-SP3(128.12.0):正常修复

3.openEuler-24.03-LTS(128.12.0):正常修复

4.openEuler-24.03-LTS-Next(128.12.0):正常修复

5.openEuler-22.03-LTS-SP4(128.12.0):正常修复

6.openEuler-24.03-LTS-SP1(128.12.0):正常修复

7.openEuler-24.03-LTS-SP2(128.12.0):正常修复

8.openEuler-20.03-LTS-SP4(79.0):暂不修复-待升级版本修复