 Dude111An Awesome DudePremium join:2003-08-04 USA kudos:11 | Test your browser »www.browserscope.org/security/test
An interesting test.
When I put that domain in my restricted zone and try to load that link, ALL I GET IS A BLANK SCREEN!! (Browser won't allow it if it's in that zone) |
|
 jadinolfI love you FredPremium join:2005-07-09 Ojai, CA kudos:9 | CSRF error, whatever that is.  -- Printed on 100% recycled bytes |
|
 therube join:2004-11-11 Randallstown, MD | NoScript: Cross-Site Scripting (XSS) or CSRF |
|
 jadinolfI love you FredPremium join:2005-07-09 Ojai, CA kudos:9 | reply to Dude111 Oh yes, thanks for the tip.  |
|
 DustynPremium join:2003-02-26 Ontario, CAN kudos:10 1 edit | reply to Dude111
 IE9 |  Opera 12.14 |
Results. |
|
|
|
 BachI'll Be BachPremium join:2002-02-16 Flint, MI Reviews:
·Comcast
| reply to Dude111  FireFox 19.0
|
|
 | reply to Dude111
Thx for the post, running Fx 18.0.2 here... |
|
 | reply to Dude111 Just updated to Fx 19.0 and upon rescanning I received the same results!  |
|
 BachI'll Be BachPremium join:2002-02-16 Flint, MI Reviews:
·Comcast
| said by Marsman1: Just updated to Fx 19.0 and upon rescanning I received the same results!
Interesting. Before upgrading to 19.0 I also tested with 18.0.2 and in both cases got 4 items failing, whereas you get only 1. |
|
 EUSKill cancerPremium join:2002-09-10 canada | reply to Dude111 Opera: The test won't run. Chromium: #3 Shows FAIL. Konqueror out of box does not do well. -- ~ Project Hope ~ |
|
 LinklistPremium join:2002-03-03 Longport, NJ kudos:5 | reply to Dude111 Mobile Safari on an iPad
PASS postMessage API
PASS JSON.parse API
FAIL toStaticHTML API
PASS httpOnly cookie API
PASS X-Frame-Options
FAIL X-Content-Type-Options
PASS Block reflected XSS
PASS Block location spoofing
PASS Block JSON hijacking
PASS Block XSS in CSS
PASS Sandbox attribute
PASS Origin header
FAIL Strict Transport Security
PASS Block cross-origin CSS attacks
PASS Content Security Policy
PASS Cross Origin Resource Sharing
PASS Block visited link sniffing
-- A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury. |
|
 LinklistPremium join:2002-03-03 Longport, NJ kudos:5 | Mobile Chrome on iPad:
PASS postMessage API
PASS JSON.parse API
FAIL toStaticHTML API
PASS httpOnly cookie API
PASS X-Frame-Options
FAIL X-Content-Type-Options
PASS Block reflected XSS
PASS Block location spoofing
PASS Block JSON hijacking
PASS Block XSS in CSS
PASS Sandbox attribute
PASS Origin header
PASS Strict Transport Security
PASS Block cross-origin CSS attacks
PASS Content Security Policy
PASS Cross Origin Resource Sharing
PASS Block visited link sniffing
-- A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury. |
|
 | reply to Dude111
 Test 1 with NoScript XSS protection on |  Test 2 with NoScript XSS Protection off |
Just for kicks I did the test twice in Firefox 18.0.2...once with NoScript's XSS protection on and once with it off |
|
 | reply to Dude111
 Firefox 18.0.2 with NoScript |  SRWare Iron 19.0 |
Opera 12.01 much as for Dustyn but FAIL Strict Transport Security |
|
 | reply to Bach
said by Bach:
said by Marsman1: Just updated to Fx 19.0 and upon rescanning I received the same results!
Interesting. Before upgrading to 19.0 I also tested with 18.0.2 and in both cases got 4 items failing, whereas you get only 1.
I think the difference is having the "noscript" addon, for "firefox"..
running FF in "safe mode" ie with no "noscript", I got the same results that you did.. but, when running FF in normal mode, with "noscript", I got the same results that marsman did..
if you want your computer to be secure, I would recommend using the "noscript" addon, with "firefox", not just to pass the "browserscope"-tests but to restrict javascript from running, as well as restricting plugins from running.. |
|
 | reply to Ravenheart Iron 24.0, same as for Iron 19.0 |
|
 | reply to Dude111 Doesn't do anything, I guess that means I passed.
NO, I will not turn down my security to TEST my security. |
|
 Dude111An Awesome DudePremium join:2003-08-04 USA kudos:11 | Ahhhh you get a blank screen also??
Very good....... |
|
 Reviews:
·WestNet Broadband
| So did I.
However if you do not allow the first domain to be trusted, you might as well pull the plug on the computer.  -- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
|
|
 Reviews:
·WestNet Broadband
| reply to Dude111
Re: Test your browser
Well, I let the main domain have permissions for running the test. However a second domain browserscope2.org wants permission, so does the following: pwdhash.com for an iframe and of course: google-analytics.com for a script - ga.js
But without allowing them, the screen shot shows results. Seems Chrome has a toStaticHTML.API issue for security.
IE9 I might test, who knows, seems fun enough. -- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
|
|