Mozilla Firefox Information Disclosure Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with Mozilla Firefox and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow remote attackers to obtain potentially sensitive information about heap memory addresses. Impact Level: Application

Solution

Upgrade to Mozilla Firefox version 4 or later, For updates refer to http://www.mozilla.com/en-US/firefox/new/

Insight

The flaw is due to an error in txXPathNodeUtils::getXSLTId function in txStandaloneXPathTreeWalker.cpp allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

Affected

Mozilla Firefox version 3.6.16 and prior.

References

http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1712

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Mac OS X)
Adobe Reader 'SWF' Information Disclosure Vulnerability (Windows)
Adobe Reader Information Disclosure Vulnerability Jun05 (Windows)
Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
Apple Mac OS X Multiple Vulnerabilities - 02 Jan14

Take action and discover your vulnerabilities