Computer Security

Security Advisory: Mozilla Foundation Security Advisory 2011-18
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

  ZDI-11-158: Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability

  ZDI-11-159: Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability

  ZDI-11-157: Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability

  Mozilla Foundation Security Advisory 2011-17

From:MOZILLA
Date:01.05.2011
Subject:Mozilla Foundation Security Advisory 2011-18

Mozilla Foundation Security Advisory 2011-18

Title: XSLT generate-id() function heap address leak
Impact: Low
Announced: April 28, 2011
Reporter: Chris Evans
Products: Firefox, SeaMonkey

Fixed in: Firefox 4.0.1
Firefox 3.6.17
Firefox 3.5.19
SeaMonkey 2.0.14
Description

Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system.

   https://bugzilla.mozilla.org/show_bug.cgi?id=640339
   CVE-2011-1202

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru