Next: On-line Browser vulnerability-test website: Windows 98 / IE6 / FF2.20 / Netscape 9 (pass 100%)
From: 98 Guy on 4 Mar 2010 00:22

This website:

Browser Security Test
http://bcheck.scanit.be/bcheck/

Allows users to subject their computer/browser to a selection of synthetic exploits as follows:

- user selectable tests / exploits
- test only exploits known to affect the user's particular browser
- all tests for all known exploits

There are 19 tests in total. See below for a summary of them.

I ran these tests 3 times - once against each of the installed browsers on my win-98se system. I did not have any AV program or any form of browser-protection program running on my test system.

-------------
Test results
-------------

Browser name: Firefox/2.0.0.12 Navigator
Version: 9.0.0.6
Platform: Windows 98
Congratulations! The test has found no vulnerabilities in your browser!

Browser name: Firefox
Version: 2.0.0.20
Platform: Windows 98
Congratulations! The test has found no vulnerabilities in your browser!

Browser name: MSIE
Version: 6.0
Platform: Windows 98
Congratulations! The test has found no vulnerabilities in your browser!

During the IE6 test, I was asked to download / run these two files:

crashy2.xul (a small script file)
path-neg.svg (another small script file)

The second file seems to be a very old IE5/IE6 exploit, as described here:

http://www.greymagic.com/security/advisories/gm012-ie/

Neither of the above 2 files, when submitted to VirusTotal, is detected as a threat by any of the 42 AV apps hosted on that site.

Note the stats (% vulnerable browsers):

http://bcheck.scanit.be/bcheck/stats.php

------------------
Summary of tests
------------------

- Windows animated cursor overflow (CVE-2007-0038) (This test may trigger anti-virus warnings)
- Mozilla crashes with evidence of memory corruption (CVE-2007-0777)
- Internet Explorer bait & switch race condition (CVE-2007-3091)
- Mozilla crashes with evidence of memory corruption (CVE-2007-2867)
- Internet Explorer createTextRange arbitrary code execution (CVE-2006-1359)
- Windows MDAC ADODB ActiveX control invalid length (CVE-2006-5559)
- Adobe Flash Player video file parsing integer overflow (CVE-2007-3456)
- XMLDOM substringData() heap overflow (CVE-2007-2223)
- Mozilla crashes with evidence of memory corruption (rv:1.8.1.5) (CVE-2007-3734)
- Opera JavaScript invalid pointer arbitrary code execution (CVE-2007-436)
- Apple QuickTime MOV file JVTCompEncodeFrame heap overflow (CVE-2007-2295)
- Mozilla code execution via QuickTime Media-link files (CVE-2006-4965)
- Mozilla crashes with evidence of memory corruption (rv:1.8.1.8) (CVE-2007-533)
- Mozilla memory corruption vulnerabilities (rv:1.8.1.10) (CVE-2007-5959)
- Mozilla crashes with evidence of memory corruption (rv:1.8.1.12) (CVE-2008-0412)
- Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflows ()
- Window location property cross-domain scripting (CVE-2008-2947)
- Mozilla Firefox MathML integer overflow (CVE-2008-4061)
- Internet Explorer XML nested SPAN elements memory corruption (CVE-2008-4844)

Meb will no doubt respond to this post by frothing and spewing one excuse after another why these tests should not be believed or taken as evidence that Win-98 combined with old/legacy browsers are not vulnerable to common exploitation.