CRC errors are generally physical problems with the cable being used such as electrical shorts or possibly electromagnetic interference in the case of copper. The latter can generally only happen if there is a network cable in a long run next to power cables/conduits. Could possibly be a bad switch port or a bad NIC port on the firewall but that is pretty rare, usually it is an issue with the cable or connector. Could also be a duplex mismatch if using Fast Ethernet but duplex mismatches are practically impossible with Gigabit Ethernet in use.
Any CRC or other errors being shown on the switch port the firewall is attached to? Also are the CRC errors happening in clumps or slowly accumulating over long periods of time? Use sar -n EDEV to investigate the frequency of those CRC errors occurring. The CRC error rate really should be zero, but the errored frame rate due to CRC errors on your interface is a mere 0.043% which is pretty negligible. Unfortunately there is no easy way to capture these CRC-errored frames with tcpdump since the Ethernet NIC card/driver will not actually forward them up to the operating system for processing.
As far as tx_flow_control_xon and tx_flow_control_xoff being nonzero yet no actual NIC overruns occurred (RX-OVR), my interpretation is that the firewall NIC was coming close to an buffer overrun condition and issued the XOFF, but did not actually overrun and lose any frames. Probably not related to the CRC errors.
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com
New 2-day Live "Max Power" Series Course Now Available:
"Gateway Performance Optimization R81.20" at maxpowerfirewalls.com