Mozilla Foundation Security Advisory 2012-08
Title: Crash with malformed embedded XSLT stylesheets
Announced: January 31, 2012
Reporter: Nicolas Grégoire, Aki Helin
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 10.0
Security researchers Nicolas Grégoire and Aki Helin independently reported that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to a memory corruption. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution.