Chris Evans of the Chrome Security Team reported
that the XSLT generate-id() function returned a string that revealed
a specific valid address of an object on the memory heap. It is possible
that in some cases this address would be valuable information that could
be used by an attacker while exploiting a different memory corruption
but, in order to make an exploit more reliable or work around mitigation
features in the browser or operating system.