CVE-2011-1202
Google Chrome < 10.0.648.127 - Exposure of Sensitive Information via XSLT generate-id Function
Title source: llmDescription
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
References (12)
Core 12
Core References
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46785
Patch, Third Party Advisory x_refsource_confirm
http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079
Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
Third Party Advisory x_refsource_misc
http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=73716
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65966
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=684386
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
Third Party Advisory x_refsource_confirm
http://downloads.avaya.com/css/P8/documents/100144158
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0628
Scores
EPSS
0.0242
EPSS Percentile
82.2%
Details
CWE
CWE-200
Status
published
Products (2)
google/chrome
< 10.0.648.127
xmlsoft/libxslt
< 1.1.26
Published
Mar 11, 2011
Tracked Since
Feb 18, 2026