Browser Security Test

Found this today Scanit's Browser Security Test - not seen it before

Seems quite a good set of test?

1. Mozilla Firefox and Mozilla Suite Code Execution Through Shared Function Objects (moz296397)
2. Mozilla Privilege Escalation via DOM Property Overrides Vulnerability (moz289083)
3. Mozilla JavaScript "Lambda" Replace Memory Exposure Vulnerability (moz28868
4. Mozilla Firefox Code Execution Through JavaScript: Favicons Vulnerability (moz290036)
5. Microsoft Internet Explorer DHTML Edit Control Script Injection Vulnerability (bid11950)
6. Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass Vulnerability (bid11467)
7. Sun Java Plugin Arbitrary Package Access Vulnerability / Opera Java Vulnerability (idef20041123)
8. Microsoft Internet Explorer JavaScript Method Assignment Cross-Domain Scripting Vulnerability (bid10689)
9. Internet Explorer Modal Dialog Argument Caching Cross-Domain Scripting Vulnerability (jel20040607)
10. Microsoft Internet Explorer CHM File Processing Arbitrary Code Execution Vulnerability (bid965
11. Microsoft Internet Explorer file:javascript: Cross Domain Scripting Vulnerability (ldy20030910-01)
12. Microsoft Internet Explorer Search Frame Fake Caller Vulnerability (ldy20030910-02)
13. Microsoft Internet Explorer Object Data Remote Execution Vulnerability (eeye20030821)
14. Mozilla Link Onclick Cross Domain Scripting Vulnerability (ldy20030416)
15. 305 Use Proxy Redirect Vulnerability (moz187996)
16. Mozilla document.write Cross-Domain Scripting Vulnerability (moz91043)
17. Mozilla OnUnload Referer Information Leakage Vulnerability (bid5694)
18. Mozilla XMLSerializer Same Origin Policy Violation Vulnerability (bid5766)
19. Opera 7.0 Javascript Security Model Vulnerability (gm002op)
20. Opera 7.0 console.html Cross-Site Scripting Vulnerability (gm003op)
21. Opera 7.0 Local Images Cross-Site Scripting Vulnerability (gm004op)
22. Opera 7.0 Browsing History Disclosure Vulnerability (gm005op)
23. Opera 7.0 Javascript Exception Information Disclosure Vulnerability (gm006op)
24. Microsoft Internet Explorer Multimedia Page Cross-Site Scripting Vulnerability (bid6481)
25. Microsoft Internet Explorer Dialog Style Same Origin Policy Bypass Vulnerability (bid6306)
26. Microsoft Internet Explorer document.write() Zone Bypass Vulnerability (bid6017)
27. Microsoft Internet Explorer IFRAME dialogArguments Cross-Zone Access Vulnerability (bid6205)
28. Microsoft Internet Explorer Document Reference Zone Bypass Vulnerability (bid5841)
29. Microsoft Internet Explorer Iframe Document Property Cross Domain Scripting Vulnerability (bid5963)
30. Mozilla JavaScript URL Host Spoofing Arbitrary Cookie Access Vulnerability (bid5293)
31. Microsoft Internet Explorer %2f in URL Same Origin Policy Violation Vulnerability (bid5610)
32. Microsoft Internet Explorer %00 Arbitrary File Execution Vulnerability (bid357
33. Microsoft Internet Explorer Navigate Function Cross Frame Access Vulnerability (bid1636)
34. Microsoft Internet Explorer Temporary Internet Files Folder Disclosure Vulnerability (bid2456)
35. Microsoft Internet Explorer MIME Header "Content-Type: audio-x-wav" Attachment Execution Vulnerability (bid2524)
36. Microsoft Internet Explorer DYNSRC File Information Disclosure Vulnerability (bid4371)
37. Microsoft Internet Explorer Content-Disposition Handling File Execution Vulnerability (bid4752)
38. Microsoft Internet Explorer OBJECT Tag Same Origin Policy Violation Vulnerability (bid5196)
39. Microsoft Internet Explorer Dialog Same Origin Policy Bypass Vulnerability (bid4527)
40. Microsoft Internet Explorer Cookie Content Disclosure Vulnerability (bid4754)


Any better testers out there?

 

you know you can't beat a good popup blocker http://www.popuptest.com/

maybe try this http://www.jasons-toolbox.com/BrowserSecurity/

 

Hello,
Could you post the link to the tests you mentioned.
Apropos popups and jason's toolbox - mostly based on javascript. Easily solvable.
Mrk

 

Not sure if this is the one but here's the link:
http://bcheck.scanit.be/bcheck/

 

Latest Firefox passed all of the tests in the links provided here, atleast mine did. Just remember to allow javascripts or none of the tests will run.

 

Yep this is the one - Sorry forgot the link

 

If you enable Java Script then it will show things that sites wouldn't normally see when you have it Disabled, so it's kinda misleading ! If you want to see what those sites can see with JS then of course enable it.

I've used it quite a few times when setting up my hardening of IE and my PC, i think it's a very good test site.


StevieO

 

XP/IE6/SP2, patched fully as of the date of this posting, passes.

Caveats: I do have an Admin list for ActiveX, so no guarantees about what the results will be with standard Internet Zone defaults (Run ActiveX). Some ActiveX was blocked during the tests. Also, my cookie policy denies cookies except to those on the P3P list, so if there are cookies involved in exploits, results might have been different. (Doubtful, though; I haven't heard of cookie exploits since the ancient, long-ago patched exploit involving sneaking scripts into a machine via cookies).

Note: There exists a nearly infinite range of possibilities due to the many settings available for Windows in general and IE in particular. Don't project results from one user into gospel for all.

Quick update to this post: Turns out I had REGMON running in another user account when running the test. The blocked ActiveX in question was 8856F961-340A-11D0-A96B-00C04FD705A2 = Microsoft Web Browser Control (shdocvw.dll) -- no surprise. I do not have that one in my Admin list due to concerns about its safety. Later, if time allows, I will rerun the test with this added to the list (or perhaps with default settings) to see what might differ.

CrackMan

 

This is quite an old test and I believe that all the holes that they are trying to "exploit" in this test are already patched. So I think most Wilder Security members will get a 100% score.

 

yes

no risks here ( have used this page before)

what I like about that "results" page is that 26+% of visitors doing the tests run mozilla

Go the Fox of Fire.