← Back

CVE-2017-7820

nvd nist
Published: Jun 11, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56.

Affected (1)

Products: Mozilla: Firefox
Mozilla
1 product
Firefox
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Firefox
Up to 55.0.3

References (8)

Source: security@mozilla.org
Third Party AdvisoryVDB Entry
Source: security@mozilla.org
Third Party AdvisoryVDB Entry
Source: security@mozilla.org
ExploitIssue Tracking
Source: security@mozilla.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.