The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/101057 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1039465 | Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=1378207 | Exploit Issue Tracking |
https://www.mozilla.org/security/advisories/mfsa2017-21/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2018-06-11T21:00:00
Updated: 2018-06-12T09:57:01
Reserved: 2017-04-12T00:00:00
Link: CVE-2017-7820
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-11T21:29:10.873
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-7820
JSON object: View
Redhat Information
No data.
CWE