CVE-2011-1712

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 3.5.19 Mozilla Firefox versions 3.6.x prior to 3.6.17 Mozilla Firefox versions 4.x prior to 4.0.1 SeaMonkey versions prior to 2.0.14

Description The issue allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. This is due to a problem in the txXPathNodeUtils::getXSLTId function.

Recommendations For Mozilla Firefox versions prior to 3.5.19, update to version 3.5.19 or later. For Mozilla Firefox versions 3.6.x prior to 3.6.17, update to version 3.6.17 or later. For Mozilla Firefox versions 4.x prior to 4.0.1, update to version 4.0.1 or later. For SeaMonkey versions prior to 2.0.14, update to version 2.0.14 or later.