Back to search
CVE-2017-7820
Published: Jun 11, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56.
| Vendor | Product | Versions |
|---|---|---|
Mozilla | Firefox | affected unspecified - < 56 |
References
1039465
vdb-entry
x_refsource_SECTRACK
https://bugzilla.mozilla.org/show_bug.cgi?id=1378207
x_refsource_CONFIRM
https://www.mozilla.org/security/advisories/mfsa2017-21/
x_refsource_CONFIRM
101057
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now