CVE-2017-7820
published 2018-06-11

Priority: P4 | 24 | medium | 5.3 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 1.19% (64.1th percentile)
The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | firefox | < firefox 56.0-1 (sid) | firefox 56.0-1 (sid) |
| mozilla | firefox | <= 55.0.3 | |
| mozilla | firefox | >= 0 < 56.0+build6-0ubuntu0.14.04.1 | 56.0+build6-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 56.0+build6-0ubuntu0.14.04.2 | 56.0+build6-0ubuntu0.14.04.2 |
| mozilla | firefox | >= 0 < 56.0+build6-0ubuntu0.16.04.1 | 56.0+build6-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 56.0+build6-0ubuntu0.16.04.2 | 56.0+build6-0ubuntu0.16.04.2 |
| mozilla | firefox | >= 0 < 56.0+build6-0ubuntu1 | 56.0+build6-0ubuntu1 |
| mozilla | firefox | >= unspecified < 56 | 56 |

CVSS provenance

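| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| osv | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |
| vendor_debian | | 5.3 | MEDIUM | |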