| Browser Security Test »webtest.scanit.be/bcheck/index.php |
|
 dadkinsCan you do Blu?Premium,MVM
join:2003-09-26
Hercules, CA
kudos:18 | 
As usual... |
 |
|
 poppsterTell the truth and then run.Premium
join:2003-12-23
Midwest
kudos:1 | reply to DSHIELD
Opera 9.10 |
|
 cocothebeanYou Are My NightmarePremium
join:2002-11-16
Carson City, NV | reply to DSHIELD
Can't believe that site is still around!!! |
|
poppsterTell the truth and then run.Premium
join:2003-12-23
Midwest
kudos:1
1 edit | said by cocothebean:Can't believe that site is still around!!! I've never heard of it, which doesn't mean anything... 
Is it an old site, whose results are meaningless?
--
What else would you do?
--
There is hope! |
|
cocothebeanYou Are My NightmarePremium
join:2002-11-16
Carson City, NV | said by poppster:said by cocothebean:Can't believe that site is still around!!! I've never heard of it, which doesn't mean anything... Is it an old site, whose results are meaningless? I'm sure they keep it updated.
Its just that I haven't seen it in a few years. |
|
poppsterTell the truth and then run.Premium
join:2003-12-23
Midwest
kudos:1 | I see.....I guess I don't get out much! |
|
| reply to DSHIELD
IE7 came up clean also. |
|
| reply to DSHIELD
High Risk Vulnerabilities
Internet Explorer Modal Dialog Argument Caching Cross-Domain Scripting Vulnerability (jel20040607)
Description
This bug allows a malicious web page to execute any programs on your computer. A malicious hacker can take complete control over your computer using this bug. The bug can be exploited by a web page you browse or HTML email mesage you open.
This bug was discovered "in the wild" and is used by malicious web sites to install adware on visitors' computers.
Technical Details
This cross-domain scripting vulnerability allows executing JavaScript code in the context of any domain. Combined with other Internet Explorer vulnerabilities it allows executing code in Local Computer security zone, leading to installation and execution of arbitrary programs.
First a malicious page creates an IFRAME pointing that redirects to a page in the target domain (or Local Computer zone). Then a modal dialog is created and the reference to the IFRAME is passed to the dialog in dialogArguments parameter of showModalDialog function.
The modal dialog caches the reference to the IFRAME and waits until IFRAME's domain changes due to the redirect. Then the dialog page closes itself and returns the cached reference.
The original page receives the window reference from the modal dialog and changes the location of this window to a javascript: URL. The JavaScript code gets executed in the context of the domain to which the IFRAME was redirected.
Disabled IFrame. It's all good now.  |
|
| That was on version 7? My version 7 is on default settings and passed. |
|
| said by ABL1:That was on version 7? My version 7 is on default settings and passed. Yup...IE7. Is default IFrame set to prompt? |
|
| reply to ABL1
I think the reason a IFrame vulnerablity was returned is because I selected 'Okay' in stead of closing the prompt dialogue box.
I'll run the test later and check it out. |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to cocothebean
Considering that the results page makes a big thing of pointing out that the test does not test for WMF...I'd say this isn't kept up very well. It is a VERY old test.
Fx 2.0 passed.
Fx 1.5.0.9 has renamed itself. It announces that is version 1.9. The test site says it has never heard of this version of Fx and cannot test it. LOL
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"
»www.msfirefox.com/ |
|
 MarkAWBarry WhitePremium
join:2001-08-27
Canada
kudos:16
1 edit | reply to DSHIELD
 | 
Locked down IE6 |
|
|
| reply to Qorum
Mine was good except Iframe. You said you disabled, how does one do that? What is the purpose of Iframe and what conflickts would disabling cause, if any? Thank you
--
"My son defends our freedom in the USAF" |
|
 jaykaykay4 Ever YoungPremium,MVM
join:2000-04-13
Scottsdale, AZ
kudos:19
 ·Speakeasy
1 edit | reply to DSHIELD
It's been a long time since I have seen this one. Just for the heck of it, ran it since I had nothing to loose. Interestingly enough, it did set off my Zone Alarm Suite with 2 "error" readings. |
|
| reply to DSHIELD
IE7 Fully Patched - Default Settings |
|
|
|
 ABPremium
join:2006-04-04
Leesburg, VA
kudos:3
·Verizon Online DSL
| reply to nakedland
said by nakedland:Mine was good except Iframe. You said you disabled, how does one do that? What is the purpose of Iframe and what conflickts would disabling cause, if any? Thank you DSLR uses IFrames sometimes. I suspect disabling it would give you less functionality on this site, among others. It's a browser function that has been used for security exploits at times.
Your choices are in Control Panel - Internet Options - Security - Zones. |
|
 BuddelIf it ain't broke, don't fix it.Premium
join:2004-03-06
EU
kudos:3 | reply to DSHIELD
IE 6 - the browser you can trust! |
|
ABPremium
join:2006-04-04
Leesburg, VA
kudos:3 Reviews:
·Verizon Online DSL
| said by Buddel:IE 6 - the browser you can trust! What's curious about this is one must enable javascripting (a security issue) in order to take the test.
So, in essence, by merely being able to be tested, one is not fully secure.
I'd love to see a vulnerability listed there- "javascripting is enabled." |
|
