HTTP/2 200
x-backend-server: bedrock-5455fcf68c-j25cw.gcp-us-west1
server: granian
x-content-type-options: nosniff
cache-control: max-age=600
strict-transport-security: max-age=31536000
etag: "7dc869f137407e3ace6cdb687c365d9f"
expires: Thu, 16 Oct 2025 13:07:13 GMT
content-language: en-US
content-type: text/html; charset=utf-8
content-security-policy: font-src 'self' www.mozilla.org; connect-src 'self' https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; base-uri 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com s.ytimg.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; style-src 'self' 'unsafe-inline' www.mozilla.org; default-src 'self' *.mozilla.org; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; upgrade-insecure-requests; frame-ancestors 'none'; object-src 'none'; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com
content-security-policy-report-only: font-src 'self' www.mozilla.org; connect-src 'self' https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; base-uri 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com s.ytimg.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; style-src 'self' www.mozilla.org; default-src 'self' *.mozilla.org; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; upgrade-insecure-requests; frame-ancestors 'none'; object-src 'none'; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com
cross-origin-opener-policy: same-origin
x-clacks-overhead: GNU Terry Pratchett
x-frame-options: DENY
via: 1.1 google, 1.1 varnish, 1.1 varnish
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
accept-ranges: bytes
age: 0
date: Thu, 16 Oct 2025 12:57:13 GMT
x-served-by: cache-bom-vanm7210099-BOM, cache-bom-vanm7210068-BOM
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1760619433.404638,VS0,VE308
vary: Accept-Encoding
content-length: 7235
XSLT generate-id() function heap address leak — Mozilla
Help us improve your Mozilla experience
In addition to Cookies necessary for this site to function, we’d like your permission to set some additional Cookies to better understand your browsing needs and improve your experience. Rest assured — we value your privacy.
Accept All Additional Cookies
Reject All Additional Cookies
Cookie settings
Mozilla Foundation Security Advisory 2011-18
XSLT generate-id() function heap address leak
Announced
April 28, 2011
Reporter
Chris Evans
Impact
Low Products
Firefox, SeaMonkey
Fixed in
Firefox 3.5.19
Firefox 3.6.17
Firefox 4.0.1
SeaMonkey 2.0.14
Description
Chris Evans of the Chrome Security Team reported
that the XSLT generate-id() function returned a string that revealed
a specific valid address of an object on the memory heap. It is possible
that in some cases this address would be valuable information that could
be used by an attacker while exploiting a different memory corruption
but, in order to make an exploit more reliable or work around mitigation
features in the browser or operating system.
