19579823 (banned) An Awesome Dude join:2003-08-04
3 recommendations |
19579823 (banned)
Member
2013-Feb-19 6:21 pm
Test your browser
» www.browserscope.org/sec ··· ity/test
An interesting test. When I put that domain in my restricted zone and try to load that link, ALL I GET IS A BLANK SCREEN!! (Browser won't allow it if it's in that zone)
|
jadinolf I love you Fred Premium Member join:2005-07-09 Ojai, CA |
jadinolf
Premium Member
2013-Feb-19 6:48 pm
CSRF error, whatever that is. |
|
therube join:2004-11-11 Randallstown, MD
1 recommendation |
|
|
jadinolf I love you Fred Premium Member join:2005-07-09 Ojai, CA |
to 19579823
Oh yes, thanks for the tip. |
|
Dustyn Premium Member join:2003-02-26 Ontario, CAN ·Carry Telecom ·TekSavvy Cable Asus GT-AX11000 Technicolor TC4400
1 edit
1 recommendation |
to 19579823
IE9 | Opera 12.14 |
Results. |
|
Bach Premium Member join:2002-02-16 Flint, MI |
to 19579823
FireFox 19.0
|
|
|
to 19579823
Thx for the post, running Fx 18.0.2 here... |
|
Marsman |
to 19579823
Just updated to Fx 19.0 and upon rescanning I received the same results! |
|
Bach Premium Member join:2002-02-16 Flint, MI |
Bach
Premium Member
2013-Feb-19 8:34 pm
said by Marsman: Just updated to Fx 19.0 and upon rescanning I received the same results!

Interesting. Before upgrading to 19.0 I also tested with 18.0.2 and in both cases got 4 items failing, whereas you get only 1.
|
EUS Kill cancer Premium Member join:2002-09-10 canada |
to 19579823
Opera: The test won't run. Chromium: #3 Shows FAIL. Konqueror out of box does not do well. |
|
FFH5 Premium Member join:2002-03-03 Tavistock NJ |
to 19579823
Mobile Safari on an iPad
PASS postMessage API
PASS JSON.parse API
FAIL toStaticHTML API
PASS httpOnly cookie API
PASS X-Frame-Options
FAIL X-Content-Type-Options
PASS Block reflected XSS
PASS Block location spoofing
PASS Block JSON hijacking
PASS Block XSS in CSS
PASS Sandbox attribute
PASS Origin header
FAIL Strict Transport Security
PASS Block cross-origin CSS attacks
PASS Content Security Policy
PASS Cross Origin Resource Sharing
PASS Block visited link sniffing
|
FFH5 |
FFH5
Premium Member
2013-Feb-19 9:29 pm
Mobile Chrome on iPad:
PASS postMessage API
PASS JSON.parse API
FAIL toStaticHTML API
PASS httpOnly cookie API
PASS X-Frame-Options
FAIL X-Content-Type-Options
PASS Block reflected XSS
PASS Block location spoofing
PASS Block JSON hijacking
PASS Block XSS in CSS
PASS Sandbox attribute
PASS Origin header
PASS Strict Transport Security
PASS Block cross-origin CSS attacks
PASS Content Security Policy
PASS Cross Origin Resource Sharing
PASS Block visited link sniffing
|
|
to 19579823
Test 1 with NoScript XSS protection on | Test 2 with NoScript XSS Protection off |
Just for kicks I did the test twice in Firefox 18.0.2...once with NoScript's XSS protection on and once with it off |
|
|
to 19579823
Firefox 18.0.2 with NoScript | SRWare Iron 19.0 |
Opera 12.01 much as for Dustyn but FAIL Strict Transport Security |
|
|
to Bach
said by Bach:
said by Marsman: Just updated to Fx 19.0 and upon rescanning I received the same results!
Interesting. Before upgrading to 19.0 I also tested with 18.0.2 and in both cases got 4 items failing, whereas you get only 1.

I think the difference is having the "noscript" addon, for "firefox".. running FF in "safe mode" ie with no "noscript", I got the same results that you did.. but, when running FF in normal mode, with "noscript", I got the same results that marsman did.. if you want your computer to be secure, I would recommend using the "noscript" addon, with "firefox", not just to pass the "browserscope"-tests but to restrict javascript from running, as well as restricting plugins from running..
|
|
Iron 24.0, same as for Iron 19.0 |
|
|
JustBurnt to 19579823
Anon
2013-Feb-19 10:58 pm
to 19579823
Doesn't do anything, I guess that means I passed.
NO, I will not turn down my security to TEST my security. |
|
19579823 (banned) An Awesome Dude join:2003-08-04 |
19579823 (banned)
Member
2013-Feb-19 11:23 pm
Ahhhh you get a blank screen also??
Very good....... |
|
norwegian Premium Member join:2005-02-15 Outback |
So did I. However if you do not allow the first domain to be trusted, you might as well pull the plug on the computer.
|
norwegian |
to 19579823
Re: Test your browser
Well, I let the main domain have permissions for running the test. However a second domain browserscope2.org wants permission, so does the following: pwdhash.com for an iframe and of course: google-analytics.com for a script - ga.js.
But without allowing them, the screen shot shows results. Seems Chrome has a toStaticHTML.API issue for security. IE9 I might test, who knows, seems fun enough.
|
|
norwegian
1 recommendation |
On toStaticHTML.API
» code.google.com/p/chromi ··· d=108159
Where's Name Game, I'm sure this browser is the safest, but check the date Dec 2011. I could %$^$#&7 at some of these vendors' laziness some days.
|
|
to 19579823
I didn't see where anyone tested google's "chrome" browser, with the "browserscope"-tests.. is no one here using google's "chrome" browser?
|
CCat We're all quite mad here MVM join:2005-12-06 Wonderland |
CCat
MVM
2013-Feb-20 11:12 am
|
|
pokesph It Is Almost Fast Premium Member join:2001-06-25 Sacramento, CA |
to 19579823
Firefox 18.0.2 |
Firefox 18.0.2 w/ noscript allowing main domain comes out like this.
What is this origin header I see failing on many of these results?
|
Phoenix22 Death From Above Premium Member join:2001-12-11 SOG C&C Nrth |
to Marsman
go to ff19.0 |
|
Phoenix22 3 edits
1 recommendation |
to 19579823
ffox19.0
PASS postMessage API
PASS JSON.parse API
PASS toStaticHTML API
PASS httpOnly cookie API
PASS X-Frame-Options
PASS X-Content-Type-Options
PASS Block reflected XSS
PASS Block location spoofing
PASS Block JSON hijacking
PASS Block XSS in CSS
PASS Sandbox attribute
FAIL Origin header
PASS Strict Transport Security
PASS Block cross-origin CSS attacks
PASS Content Security Policy
PASS Cross Origin Resource Sharing
PASS Block visited link sniffing

CSRF verification failed. Request aborted.
You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties. If you have configured your browser to disable 'Referer' headers, please re-enable them, at least for this site, or for HTTPS connections, or for 'same-origin' requests.
» wiki.mozilla.org/Securit ··· tigation

4u older members............you'll remember steve gibson's "shields up"..........seems like 2k13 version of s.u.
|
VikingBob Go Jets Go! Premium Member join:2004-06-05 MB Canada |
to 19579823
IE 8 really blows it on this one. FF 19 with NoScript never completes the scan, much like norwegian's results. Opera (with JS and all plugins disabled) won't run it. Another little site to test your plugin patch state: » browsercheck.qualys.com/ |
|
NormanS I gave her time to steal my mind away MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
|
to 19579823
When I click on the "Run the Security Tests" button, nothing happens. Opera 12.14. Scripts are globally disabled.
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
to norwegian
Chrome is so safe there is no reason to run these silly tests. They are for IE and FF users who can't figure out why they get whacked all the time if they don't run fancy third party plugins that slow their browsers to a crawl.
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
to 19579823
I upgraded to Fx 17.0.3 ESR earlier today and here is how it tests. Of course, Proxomitron may be affecting the results. I'm more interested in Acid3 test...only Opera gets that one 100%. |
|