CVE-2011-1712: Sensitive Information Exposure in Mozilla Firefox

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.3% (top 43.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 15
Latest update: May 17

Description

The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

NVD: mozilla/firefox 3.5.18 +103
NVD: mozilla/seamonkey 2.0.13 +45

🔴 Vulnerability Details (2)

GHSA: GHSA-8rr4-9q45-q5mw: The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker (2022-05-17)
CVEList: CVE-2011-1712: The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker (2011-04-15)

📋 Vendor Advisories (1)

Red Hat: firefox: information leak due to XSLT (2011-03-09)

💬 Community (1)

Bugzilla: CVE-2011-1712 firefox: information leak due to XSLT (2011-04-19)