CVE-2011-1712

Mozilla Firefox <3.5.19, 3.6.x <3.6.17, 4.x <4.0.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

References (5)

Core 5

Scores

EPSS 0.0107
EPSS Percentile 60.9%

Details

CWE
CWE-200
Status published
Products (47)
mozilla/firefox 1.0 (2 CPE variants)
mozilla/firefox 1.0.1
mozilla/firefox 1.0.2
mozilla/firefox 1.0.3
mozilla/firefox 1.0.4
mozilla/firefox 1.0.5
mozilla/firefox 1.0.6
mozilla/firefox 1.0.7
mozilla/firefox 1.0.8
mozilla/firefox 1.5 (3 CPE variants)
... and 37 more
Published Apr 15, 2011
Tracked Since Feb 18, 2026