CVE-2011-1712: Infoleak

First published: Fri Apr 15 2011(Updated: )

The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mozilla Firefox	=2.0.0.12
Mozilla Firefox	=1.5-beta2
Mozilla Firefox	=3.0.17
Mozilla Firefox	=3.5.3
Mozilla Firefox	=3.0.7
Mozilla Firefox	=1.5.2
Mozilla Firefox	=3.0.9
Mozilla Firefox	=1.5.0.6
Mozilla Firefox	=2.0.0.2
Mozilla Firefox	=1.5.0.10
Mozilla Firefox	<=3.5.18
Mozilla Firefox	=1.5.0.3
Mozilla Firefox	=3.5.6
Mozilla Firefox	=3.0.8
Mozilla Firefox	=1.5.0.11
Mozilla Firefox	=1.5.4
Mozilla Firefox	=1.0.2
Mozilla Firefox	=3.5
Mozilla Firefox	=3.5.5
Mozilla Firefox	=3.0.4
Mozilla Firefox	=1.5-beta1
Mozilla Firefox	=3.5.9
Mozilla Firefox	=3.5.4
Mozilla Firefox	=3.5.7
Mozilla Firefox	=3.0.5
Mozilla Firefox	=3.5.11
Mozilla Firefox	=1.5
Mozilla Firefox	=3.5.14
Mozilla Firefox	=1.0.4
Mozilla Firefox	=2.0.0.7
Mozilla Firefox	=1.0.7
Mozilla Firefox	=3.5.10
Mozilla Firefox	=3.5.1
Mozilla Firefox	=2.0.0.9
Mozilla Firefox	=3.0.14
Mozilla Firefox	=3.5.2
Mozilla Firefox	=2.0.0.16
Mozilla Firefox	=1.5.6
Mozilla Firefox	=2.0.0.17
Mozilla Firefox	=2.0.0.15
Mozilla Firefox	=3.0.10
Mozilla Firefox	=3.0.12
Mozilla Firefox	=1.0
Mozilla Firefox	=3.0.3
Mozilla Firefox	=1.5.0.7
Mozilla Firefox	=2.0
Mozilla Firefox	=1.0.1
Mozilla Firefox	=3.5.17
Mozilla Firefox	=2.0.0.14
Mozilla Firefox	=3.0.6
Mozilla Firefox	=3.0.15
Mozilla Firefox	=1.5.0.8
Mozilla Firefox	=2.0.0.3
Mozilla Firefox	=3.5.12
Mozilla Firefox	=1.5.0.9
Mozilla Firefox	=1.5.0.5
Mozilla Firefox	=1.5.7
Mozilla Firefox	=1.5.0.12
Mozilla Firefox	=2.0.0.6
Mozilla Firefox	=3.0
Mozilla Firefox	=2.0.0.11
Mozilla Firefox	=1.5.0.2
Mozilla Firefox	=1.0.3
Mozilla Firefox	=3.0.1
Mozilla Firefox	=2.0.0.4
Mozilla Firefox	=1.5.1
Mozilla Firefox	=2.0.0.13
Mozilla Firefox	=2.0.0.18
Mozilla Firefox	=3.5.13
Mozilla Firefox	=2.0.0.1
Mozilla Firefox	=3.0.2
Mozilla Firefox	=3.5.8
Mozilla Firefox	=1.5.5
Mozilla Firefox	=1.0-preview_release
Mozilla Firefox	=3.5.15
Mozilla Firefox	=2.0.0.20
Mozilla Firefox	=2.0.0.8
Mozilla Firefox	=2.0.0.19
Mozilla Firefox	=1.5.8
Mozilla Firefox	=1.5.3
Mozilla Firefox	=1.5.0.4
Mozilla Firefox	=1.5.0.1
Mozilla Firefox	=3.0.13
Mozilla Firefox	=3.5.16
Mozilla Firefox	=1.0.5
Mozilla Firefox	=2.0.0.5
Mozilla Firefox	=2.0.0.10
Mozilla Firefox	=1.0.6
Mozilla Firefox	=3.0.16
Mozilla Firefox	=1.0.8
Mozilla Firefox	=3.0.11
Mozilla Firefox	=3.6.2
Mozilla Firefox	=3.6.3
Mozilla Firefox	=3.6.15
Mozilla Firefox	=3.6.11
Mozilla Firefox	=3.6.8
Mozilla Firefox	=3.6.9
Mozilla Firefox	=3.6.14
Mozilla Firefox	=3.6.12
Mozilla Firefox	=3.6.6
Mozilla Firefox	=3.6.16
Mozilla Firefox	=3.6.10
Mozilla Firefox	=3.6.7
Mozilla Firefox	=3.6.4
Mozilla Firefox	=3.6
Mozilla Firefox	=3.6.13
Mozilla Firefox	=4.0-beta1
Mozilla SeaMonkey	=2.0.10
Mozilla SeaMonkey	=1.1.10
Mozilla SeaMonkey	=1.0.3
Mozilla SeaMonkey	=1.1.8
Mozilla SeaMonkey	=1.0.1
Mozilla SeaMonkey	=1.1.7
Mozilla SeaMonkey	=1.5.0.10
Mozilla SeaMonkey	=1.0.6
Mozilla SeaMonkey	=1.0.9
Mozilla SeaMonkey	=1.1.3
Mozilla SeaMonkey	=2.0.4
Mozilla SeaMonkey	=1.0
Mozilla SeaMonkey	=2.0.3
Mozilla SeaMonkey	=2.0.2
Mozilla SeaMonkey	=1.1.17
Mozilla SeaMonkey	=1.1.5
Mozilla SeaMonkey	=2.0.8
Mozilla SeaMonkey	=1.0.7
Mozilla SeaMonkey	=1.0-beta
Mozilla SeaMonkey	=1.1-alpha
Mozilla SeaMonkey	<=2.0.13
Mozilla SeaMonkey	=1.0-alpha
Mozilla SeaMonkey	=1.1.12
Mozilla SeaMonkey	=2.0.12
Mozilla SeaMonkey	=1.1
Mozilla SeaMonkey	=1.1.14
Mozilla SeaMonkey	=2.0.11
Mozilla SeaMonkey	=1.1.2
Mozilla SeaMonkey	=1.0.2
Mozilla SeaMonkey	=1.0.8
Mozilla SeaMonkey	=1.1.11
Mozilla SeaMonkey	=1.5.0.9
Mozilla SeaMonkey	=1.1-beta
Mozilla SeaMonkey	=1.1.1
Mozilla SeaMonkey	=2.0.9
Mozilla SeaMonkey	=1.5.0.8
Mozilla SeaMonkey	=2.0.1
Mozilla SeaMonkey	=1.0.5
Mozilla SeaMonkey	=1.1.15
Mozilla SeaMonkey	=1.1.6
Mozilla SeaMonkey	=2.0.7
Mozilla SeaMonkey	=1.1.16
Mozilla SeaMonkey	=1.1.19
Mozilla SeaMonkey	=2.0.5
Mozilla SeaMonkey	=1.0.4
Mozilla SeaMonkey	=1.1.9
Mozilla SeaMonkey	=1.1.13
Mozilla SeaMonkey	=1.1.18
Mozilla SeaMonkey	=2.0.6
Mozilla SeaMonkey	=1.1.4

Remedy

https://bugzilla.mozilla.org/show_bug.cgi?id=640339

Never miss a vulnerability like this again

Reference Links

agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/references
agent/author
agent/weakness
agent/severity
agent/remedy
agent/tags
agent/description
agent/event
collector/mitre-cve
source/MITRE
vendor/mozilla
canonical/mozilla firefox
version/mozilla firefox/2.0.0.12
version/mozilla firefox/1.5-beta2
version/mozilla firefox/3.0.17
version/mozilla firefox/3.5.3
version/mozilla firefox/3.0.7
version/mozilla firefox/1.5.2
version/mozilla firefox/3.0.9
version/mozilla firefox/1.5.0.6
version/mozilla firefox/2.0.0.2
version/mozilla firefox/1.5.0.10
version/mozilla firefox/3.5.18
version/mozilla firefox/1.5.0.3
version/mozilla firefox/3.5.6
version/mozilla firefox/3.0.8
version/mozilla firefox/1.5.0.11
version/mozilla firefox/1.5.4
version/mozilla firefox/1.0.2
version/mozilla firefox/3.5
version/mozilla firefox/3.5.5
version/mozilla firefox/3.0.4
version/mozilla firefox/1.5-beta1
version/mozilla firefox/3.5.9
version/mozilla firefox/3.5.4
version/mozilla firefox/3.5.7
version/mozilla firefox/3.0.5
version/mozilla firefox/3.5.11
version/mozilla firefox/1.5
version/mozilla firefox/3.5.14
version/mozilla firefox/1.0.4
version/mozilla firefox/2.0.0.7
version/mozilla firefox/1.0.7
version/mozilla firefox/3.5.10
version/mozilla firefox/3.5.1
version/mozilla firefox/2.0.0.9
version/mozilla firefox/3.0.14
version/mozilla firefox/3.5.2
version/mozilla firefox/2.0.0.16
version/mozilla firefox/1.5.6
version/mozilla firefox/2.0.0.17
version/mozilla firefox/2.0.0.15
version/mozilla firefox/3.0.10
version/mozilla firefox/3.0.12
version/mozilla firefox/1.0
version/mozilla firefox/3.0.3
version/mozilla firefox/1.5.0.7
version/mozilla firefox/2.0
version/mozilla firefox/1.0.1
version/mozilla firefox/3.5.17
version/mozilla firefox/2.0.0.14
version/mozilla firefox/3.0.6
version/mozilla firefox/3.0.15
version/mozilla firefox/1.5.0.8
version/mozilla firefox/2.0.0.3
version/mozilla firefox/3.5.12
version/mozilla firefox/1.5.0.9
version/mozilla firefox/1.5.0.5
version/mozilla firefox/1.5.7
version/mozilla firefox/1.5.0.12
version/mozilla firefox/2.0.0.6
version/mozilla firefox/3.0
version/mozilla firefox/2.0.0.11
version/mozilla firefox/1.5.0.2
version/mozilla firefox/1.0.3
version/mozilla firefox/3.0.1
version/mozilla firefox/2.0.0.4
version/mozilla firefox/1.5.1
version/mozilla firefox/2.0.0.13
version/mozilla firefox/2.0.0.18
version/mozilla firefox/3.5.13
version/mozilla firefox/2.0.0.1
version/mozilla firefox/3.0.2
version/mozilla firefox/3.5.8
version/mozilla firefox/1.5.5
version/mozilla firefox/1.0-preview_release
version/mozilla firefox/3.5.15
version/mozilla firefox/2.0.0.20
version/mozilla firefox/2.0.0.8
version/mozilla firefox/2.0.0.19
version/mozilla firefox/1.5.8
version/mozilla firefox/1.5.3
version/mozilla firefox/1.5.0.4
version/mozilla firefox/1.5.0.1
version/mozilla firefox/3.0.13
version/mozilla firefox/3.5.16
version/mozilla firefox/1.0.5
version/mozilla firefox/2.0.0.5
version/mozilla firefox/2.0.0.10
version/mozilla firefox/1.0.6
version/mozilla firefox/3.0.16
version/mozilla firefox/1.0.8
version/mozilla firefox/3.0.11
version/mozilla firefox/3.6.2
version/mozilla firefox/3.6.3
version/mozilla firefox/3.6.15
version/mozilla firefox/3.6.11
version/mozilla firefox/3.6.8
version/mozilla firefox/3.6.9
version/mozilla firefox/3.6.14
version/mozilla firefox/3.6.12
version/mozilla firefox/3.6.6
version/mozilla firefox/3.6.16
version/mozilla firefox/3.6.10
version/mozilla firefox/3.6.7
version/mozilla firefox/3.6.4
version/mozilla firefox/3.6
version/mozilla firefox/3.6.13
version/mozilla firefox/4.0-beta1
canonical/mozilla seamonkey
version/mozilla seamonkey/2.0.10
version/mozilla seamonkey/1.1.10
version/mozilla seamonkey/1.0.3
version/mozilla seamonkey/1.1.8
version/mozilla seamonkey/1.0.1
version/mozilla seamonkey/1.1.7
version/mozilla seamonkey/1.5.0.10
version/mozilla seamonkey/1.0.6
version/mozilla seamonkey/1.0.9
version/mozilla seamonkey/1.1.3
version/mozilla seamonkey/2.0.4
version/mozilla seamonkey/1.0
version/mozilla seamonkey/2.0.3
version/mozilla seamonkey/2.0.2
version/mozilla seamonkey/1.1.17
version/mozilla seamonkey/1.1.5
version/mozilla seamonkey/2.0.8
version/mozilla seamonkey/1.0.7
version/mozilla seamonkey/1.0-beta
version/mozilla seamonkey/1.1-alpha
version/mozilla seamonkey/2.0.13
version/mozilla seamonkey/1.0-alpha
version/mozilla seamonkey/1.1.12
version/mozilla seamonkey/2.0.12
version/mozilla seamonkey/1.1
version/mozilla seamonkey/1.1.14
version/mozilla seamonkey/2.0.11
version/mozilla seamonkey/1.1.2
version/mozilla seamonkey/1.0.2
version/mozilla seamonkey/1.0.8
version/mozilla seamonkey/1.1.11
version/mozilla seamonkey/1.5.0.9
version/mozilla seamonkey/1.1-beta
version/mozilla seamonkey/1.1.1
version/mozilla seamonkey/2.0.9
version/mozilla seamonkey/1.5.0.8
version/mozilla seamonkey/2.0.1
version/mozilla seamonkey/1.0.5
version/mozilla seamonkey/1.1.15
version/mozilla seamonkey/1.1.6
version/mozilla seamonkey/2.0.7
version/mozilla seamonkey/1.1.16
version/mozilla seamonkey/1.1.19
version/mozilla seamonkey/2.0.5
version/mozilla seamonkey/1.0.4
version/mozilla seamonkey/1.1.9
version/mozilla seamonkey/1.1.13
version/mozilla seamonkey/1.1.18
version/mozilla seamonkey/2.0.6
version/mozilla seamonkey/1.1.4

CVE-2011-1712: Infoleak

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact