On-line Browser vulnerabilty-test website: Windows 98 / IE6 / FF2.20 / Netscape 9 (pass 100%)
in [Internet Explorer 6]
|
Prev: On-line Browser vulnerabilty-test website: Windows 98 / IE6 / FF2.20 / Netscape 9 (pass 100%)
Next: IE Content AdvisorRequires Password Each Time Site Is Visited
From: Hot-text on 4 Mar 2010 01:29 NO anti-malware protection why would you do that for? you need to always run a protection on your Computer 98 Guy ,,,,, "98 Guy" <98(a)Guy.com> wrote in message news:4B8F43AF.E20F00D6(a)Guy.com... > This website: > > Browser Security Test > http://bcheck.scanit.be/bcheck/ > > Allows users to subject their computer/browser to a selection of > synthetic exploits as follows: > > - user selectable tests / exploits > - test only exploits known to affect the user's particular browser > - all tests for all known exploits > > There are 19 tests in total. See below for a summary of them. > > I ran these tests 3 times - once against each of the installed browsers > on my win-98se system. > > I did not have any AV program or any form of browser-protection program > running on my test system. > > ------------- > Test results > ------------- > > Browser name: Firefox/2.0.0.12 Navigator > Version: 9.0.0.6 > Platform: Windows 98 > Congratulations! The test has found no vulnerabilities in your browser! > > Browser name: Firefox > Version: 2.0.0.20 > Platform: Windows 98 > Congratulations! The test has found no vulnerabilities in your browser! > > Browser name: MSIE > Version: 6.0 > Platform: Windows 98 > Congratulations! The test has found no vulnerabilities in your browser! > > During the IE6 test, I was asked to download / run these two files: > > crashy2.xul (a small script file) > path-neg.svg (another small script file) > > The second file seems to be a very old IE5/IE6 exploit, as described > here: > > http://www.greymagic.com/security/advisories/gm012-ie/ > > Neither of the above 2 files, when submitted to VirusTotal, are detected > as threats by any of the 42 AV apps hosted on that site. > > Note the stats (% vulnerable browsers): > > http://bcheck.scanit.be/bcheck/stats.php > > ------------------ > Summary of tests > ------------------ > > Windows animated cursor overflow (CVE-2007-0038) (This test may trigger > anti-virus warnings) > Mozilla crashes with evidence of memory corruption (CVE-2007-0777) > Internet Explorer bait & switch race condition (CVE-2007-3091) > Mozilla crashes with evidence of memory corruption (CVE-2007-2867) > Internet Explorer createTextRange arbitrary code execution > (CVE-2006-1359) > Windows MDAC ADODB ActiveX control invalid length (CVE-2006-5559) > Adobe Flash Player video file parsing integer overflow (CVE-2007-3456) > XMLDOM substringData() heap overflow (CVE-2007-2223) > Mozilla crashes with evidence of memory corruption (rv:1.8.1.5) > (CVE-2007-3734) > Opera JavaScript invalid pointer arbitrary code execution (CVE-2007-436) > Apple QuickTime MOV file JVTCompEncodeFrame heap overflow > (CVE-2007-2295) > Mozilla code execution via QuickTime Media-link files (CVE-2006-4965) > Mozilla crashes with evidence of memory corruption (rv:1.8.1.8) ( > CVE-2007-533) > Mozilla memory corruption vulnerabilities (rv:1.8.1.10) (CVE-2007-5959) > Mozilla crashes with evidence of memory corruption (rv:1.8.1.12) > (CVE-2008-0412) > Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflows > () > Window location property cross-domain scripting (CVE-2008-2947) > Mozilla Firefox MathML integer overflow (CVE-2008-4061) > Internet Explorer XML nested SPAN elements memory corruption > (CVE-2008-4844) > > Meb will no doubt respond to this post by frothing and spewing one > excuse after another why these tests should not be believed or taken as > evidence that Win-98 combined with old/legacy browsers are not > vulnerable to common exploitation.
From: Shane on 4 Mar 2010 03:59 What I'd like to know is who brought you boring fux0rs here?
From: Peter Foldes on 4 Mar 2010 07:16 I think you forgot to add more newsgroups to you wonderful job in crossposting. -- Peter Please Reply to Newsgroup for the benefit of others Requests for assistance by email can not and will not be acknowledged. "98 Guy" <98(a)Guy.com> wrote in message news:4B8F43AF.E20F00D6(a)Guy.com... > This website: > > Browser Security Test > http://bcheck.scanit.be/bcheck/ > > Allows users to subject their computer/browser to a selection of > synthetic exploits as follows: > > - user selectable tests / exploits > - test only exploits known to affect the user's particular browser > - all tests for all known exploits > > There are 19 tests in total. See below for a summary of them. > > I ran these tests 3 times - once against each of the installed browsers > on my win-98se system. > > I did not have any AV program or any form of browser-protection program > running on my test system. > > ------------- > Test results > ------------- > > Browser name: Firefox/2.0.0.12 Navigator > Version: 9.0.0.6 > Platform: Windows 98 > Congratulations! The test has found no vulnerabilities in your browser! > > Browser name: Firefox > Version: 2.0.0.20 > Platform: Windows 98 > Congratulations! The test has found no vulnerabilities in your browser! > > Browser name: MSIE > Version: 6.0 > Platform: Windows 98 > Congratulations! The test has found no vulnerabilities in your browser! > > During the IE6 test, I was asked to download / run these two files: > > crashy2.xul (a small script file) > path-neg.svg (another small script file) > > The second file seems to be a very old IE5/IE6 exploit, as described > here: > > http://www.greymagic.com/security/advisories/gm012-ie/ > > Neither of the above 2 files, when submitted to VirusTotal, are detected > as threats by any of the 42 AV apps hosted on that site. > > Note the stats (% vulnerable browsers): > > http://bcheck.scanit.be/bcheck/stats.php > > ------------------ > Summary of tests > ------------------ > > Windows animated cursor overflow (CVE-2007-0038) (This test may trigger > anti-virus warnings) > Mozilla crashes with evidence of memory corruption (CVE-2007-0777) > Internet Explorer bait & switch race condition (CVE-2007-3091) > Mozilla crashes with evidence of memory corruption (CVE-2007-2867) > Internet Explorer createTextRange arbitrary code execution > (CVE-2006-1359) > Windows MDAC ADODB ActiveX control invalid length (CVE-2006-5559) > Adobe Flash Player video file parsing integer overflow (CVE-2007-3456) > XMLDOM substringData() heap overflow (CVE-2007-2223) > Mozilla crashes with evidence of memory corruption (rv:1.8.1.5) > (CVE-2007-3734) > Opera JavaScript invalid pointer arbitrary code execution (CVE-2007-436) > Apple QuickTime MOV file JVTCompEncodeFrame heap overflow > (CVE-2007-2295) > Mozilla code execution via QuickTime Media-link files (CVE-2006-4965) > Mozilla crashes with evidence of memory corruption (rv:1.8.1.8) ( > CVE-2007-533) > Mozilla memory corruption vulnerabilities (rv:1.8.1.10) (CVE-2007-5959) > Mozilla crashes with evidence of memory corruption (rv:1.8.1.12) > (CVE-2008-0412) > Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflows > () > Window location property cross-domain scripting (CVE-2008-2947) > Mozilla Firefox MathML integer overflow (CVE-2008-4061) > Internet Explorer XML nested SPAN elements memory corruption > (CVE-2008-4844) > > Meb will no doubt respond to this post by frothing and spewing one > excuse after another why these tests should not be believed or taken as > evidence that Win-98 combined with old/legacy browsers are not > vulnerable to common exploitation.
From: 98 Guy on 4 Mar 2010 09:35 Top-Poaster Peter Foldes top-poasted: > I think you forgot to add more newsgroups to you wonderful job in > crossposting. Thanks Peter. I know that you are in agreement with me that the selection of groups that I posted to (win-98, win-me, and IE6) was a very wise choice - given that this combination of OS's and browser is arguably at the crux of what most people consider to be un-supported or that the degree to which their compatibility with various browser exploits is largely unknown given the focus on NT-based OS's such as XP and above. I know that you are in complete agreement with me (as you indicate) that crossposting is completely normal and useful when subject matter is applicable to several groups simultaneously.
From: 98 Guy on 4 Mar 2010 09:36
Shane wrote: > What I'd like to know is who brought you boring fux0rs here? And where exactly is here? |