Main Vulnerability Database Vulnerabilities #VU8631

#VU8631 Security restrictions bypass in Mozilla Firefox - CVE-2017-7820

Published: September 28, 2017 / Updated: September 29, 2017

Vulnerability identifier: #VU8631

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-7820

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The instanceof operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element.

Remediation

Update to version 56.0.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/

#VU8631 Security restrictions bypass in Mozilla Firefox - CVE-2017-7820

Description

Remediation

External links

Please verify you're human