Published: 11/03/2011 Updated: 04/06/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and previous versions, as used in Google Chrome prior to 10.0.648.127 and other products, allows remote malicious users to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google chrome
xmlsoft libxslt

Synopsis Important: libxslt security update Type/Severity Security Advisory: Important Topic Updated libxslt packages that fix several security issues are now availablefor Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as havingimportant security impact Common Vul ...

Debian Bug report logs - #617413 Leak of address of heap object via xslt generate-id() function Package: libxslt; Maintainer for libxslt is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Giuseppe Iuculano <iuculano@debianorg> Date: Tue, 8 Mar 2011 19:03:01 UTC Severity: important ...

Debian Bug report logs - #679283 CVE-2012-2825 Package: libxslt; Maintainer for libxslt is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Wed, 27 Jun 2012 15:21:09 UTC Severity: grave Tags: security Fixed in versions libxslt/11 ...

Multiple vulnerabilities in Firefox and Xulrunner ...

Multiple xulrunner-191 vulnerabilities ...

Multiple firefox vulnerabilities ...

An empty menu bar sometimes appeared after upgrade in USN-1122-2 ...

Applications using libxslt could be made to crash or run programs as your login if they processed a specially crafted file ...

Thunderbird could be made to run programs as your login if it opened specially crafted mail ...

A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code ...

Mozilla Foundation Security Advisory 2011-18 XSLT generate-id() function heap address leak Announced April 28, 2011 Reporter Chris Evans Impact Low Products Firefox, SeaMonkey Fixed in ...

CWE-200 http://code.google.com/p/chromium/issues/detail?id=73716 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://www.securityfocus.com/bid/46785 http://www.vupen.com/english/advisories/2011/0628 http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html https://bugzilla.redhat.com/show_bug.cgi?id=684386 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2012:164 http://downloads.avaya.com/css/P8/documents/100144158 https://exchange.xforce.ibmcloud.com/vulnerabilities/65966 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244 https://access.redhat.com/errata/RHSA-2012:1265 https://nvd.nist.gov https://usn.ubuntu.com/1112-1/

CVE-2011-1202

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect