CVE-2017-7820
N/A
N/A
Summary
The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 56 | affected |
Weaknesses
- Xray wrapper bypass with new tab and web console
ADP Enrichment
CVE Program Container
Additional References
- http://www.securitytracker.com/id/1039465
- https://bugzilla.mozilla.org/show_bug.cgi?id=1378207
- https://www.mozilla.org/security/advisories/mfsa2017-21/
- http://www.securityfocus.com/bid/101057
References
- http://www.securitytracker.com/id/1039465
- https://bugzilla.mozilla.org/show_bug.cgi?id=1378207
- https://www.mozilla.org/security/advisories/mfsa2017-21/
- http://www.securityfocus.com/bid/101057
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.