Endpoint Vulnerability

Access violation with XSLT and uninitialized data

Description

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash.

Affected Products

Firefox,Firefox ESR

References

CVE-2013-5604,