Browser Security Test from Scanit

Discussion in 'other software & services' started by screamer, Oct 1, 2007.

Thread Status:
Not open for further replies.
  1. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    We have released 12 new tests for the most recent vulnerabilities in
    Internet Explorer, Mozilla Firefox and Opera and a completely new
    browser test engine, which allows us to test for more kinds of browser
    bugs. The new engine even works without JavaScript.

    The Browser Security Test is available at http://bcheck.scanit.be/bcheck/

    Some of the new tests work by trying to crash the browser. If your
    browser crashes during the test, restart it and return to
    http://bcheck.scanit.be/bcheck/. The page will show which vulnerability
    crashed your browser and offer you to continue the test or view the
    results.

    We have added checks for the following vulnerabilities:

    1. Windows animated cursor overflow (CVE-2007-003:cool:
    2. Mozilla crashes with evidence of memory corruption (CVE-2007-0777)
    3. Internet Explorer bait & switch race condition (CVE-2007-3091)
    4. Mozilla crashes with evidence of memory corruption (CVE-2007-2867)
    5. Internet Explorer createTextRange arbitrary code execution
    (CVE-2006-1359)
    6. Windows MDAC ADODB ActiveX control invalid length (CVE-2006-5559)
    7. Adobe Flash Player video file parsing integer overflow (CVE-2007-3456)
    8. XMLDOM substringData() heap overflow (CVE-2007-2223)
    9. Mozilla crashes with evidence of memory corruption (rv:1.8.1.5)
    (CVE-2007-3734)
    10. Opera JavaScript invalid pointer arbitrary code execution
    (CVE-2007-436)
    11. Apple QuickTime MOV file JVTCompEncodeFrame heap overflow
    (CVE-2007-2295)
    12. Mozilla code execution via QuickTime Media-link files ()

    ...screamer
     
  2. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    I guess using noscript extension is considered as cheating when testing firefox :p
     
  3. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    405
    Location:
    UK
    Yep, no fails with FF and NoScript
     
  4. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    My Firefox passed without NoScript installed so I guess I am safe. Opera and Internet Explorer passed too. I suppose SandboxIE is working...

    dja2k
     
  5. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    K-Meleon (rv:1.8.1.6) passes (un-sandboxed).
     
  6. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    NoScript seems to really do it's job well :)

    ...screamer
     
  7. Concepts

    Concepts Registered Member

    Joined:
    Aug 7, 2007
    Posts:
    26
    IE7 passed all tests.
     

    Attached Files:

    • IE7.JPG
      IE7.JPG
      File size:
      73.6 KB
      Views:
      291
  8. Arup

    Arup Guest

    Opera 9.23 passed with flying colors as usual :)
     
  9. buzzqw

    buzzqw Registered Member

    Joined:
    Sep 7, 2006
    Posts:
    26
    Opera 9.50 Kestrel , v9562 passed without a glitch :)

    BHH
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    I also passed everything with IE/Maxthon, but I guess it´s because we´re all fully patched. It would be interesting to see how we would score on an unpatched machine. Perhaps someone can test this, I would have done it, but I´m having problems with VMware Workstation, ever since I upgraded. :cautious:
     
Loading...
Thread Status:
Not open for further replies.