NeXpose Release August 9, 2010 (Content)

Document created by techeditor on Apr 7, 2011
Version 1Show Document
  • View in full screen mode

This release features updated vulnerability coverage.


Bi-monthly vulnerability check update

  • New vulnerability and patch checks bring the product up to date with recently announced vulnerabilities in the following operating systems and applications:
    o Red Hat Enterprise Linux
    o CentOS
    o Solaris
    o Cisco devices
    o Mozilla Firefox
    o Adobe Reader
    o Adobe Flash
    o Java Runtime Environment
    These vulnerability and patch checks address software flaws that could allow hostile parties to take control of affected systems.


List of checks

  • MFSA2010-34-01: Miscellaneous memory safety hazards
  • MFSA2010-34-02: Miscellaneous memory safety hazards
  • MFSA2010-35: DOM attribute cloning remote code execution vulnerability
  • MFSA2010-36: Use-after-free error in NodeIterator
  • MFSA2010-37: Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
  • MFSA2010-38: Arbitrary code execution using SJOW and fast native function
  • MFSA2010-39: nsCSSValue::Array index integer overflow
  • MFSA2010-40: nsTreeSelection dangling pointer remote code execution vulnerability
  • MFSA2010-41: Remote code execution using malformed PNG image
  • MFSA2010-42: Cross-origin data disclosure via Web Workers and importScripts
  • MFSA2010-43: Same-origin bypass using canvas context
  • MFSA2010-44: Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
  • MFSA2010-45-01: Multiple location bar spoofing vulnerabilities
  • MFSA2010-45-02: Multiple location bar spoofing vulnerabilities
  • MFSA2010-46: Cross-domain data theft using CSS
  • MFSA2010-47: Cross-origin data leakage from script filename in error messages
  • MFSA2010-48: Dangling pointer crash regression from plugin parameter array fix
  • Unprotected FrontPage Extensions