On-line Browser vulnerabilty-test website: Windows 98 / IE6 / FF2.20 /Netscape 9 (pass 100%)

9

98 Guy

This website:

Browser Security Test
http://bcheck.scanit.be/bcheck/

Allows users to subject their computer/browser to a selection of
synthetic exploits as follows:

- user selectable tests / exploits
- test only exploits known to affect the user's particular browser
- all tests for all known exploits

There are 19 tests in total. See below for a summary of them.

I ran these tests 3 times - once against each of the installed browsers
on my win-98se system.

I did not have any AV program or any form of browser-protection program
running on my test system.

-------------
Test results
-------------

Browser name: Firefox/2.0.0.12 Navigator
Version: 9.0.0.6
Platform: Windows 98
Congratulations! The test has found no vulnerabilities in your browser!

Browser name: Firefox
Version: 2.0.0.20
Platform: Windows 98
Congratulations! The test has found no vulnerabilities in your browser!

Browser name: MSIE
Version: 6.0
Platform: Windows 98
Congratulations! The test has found no vulnerabilities in your browser!

During the IE6 test, I was asked to download / run these two files:

crashy2.xul (a small script file)
path-neg.svg (another small script file)

The second file seems to be a very old IE5/IE6 exploit, as described
here:

http://www.greymagic.com/security/advisories/gm012-ie/

Neither of the above 2 files, when submitted to VirusTotal, are detected
as threats by any of the 42 AV apps hosted on that site.

Note the stats (% vulnerable browsers):

http://bcheck.scanit.be/bcheck/stats.php

------------------
Summary of tests
------------------

Windows animated cursor overflow (CVE-2007-0038) (This test may trigger
anti-virus warnings)
Mozilla crashes with evidence of memory corruption (CVE-2007-0777)
Internet Explorer bait & switch race condition (CVE-2007-3091)
Mozilla crashes with evidence of memory corruption (CVE-2007-2867)
Internet Explorer createTextRange arbitrary code execution
(CVE-2006-1359)
Windows MDAC ADODB ActiveX control invalid length (CVE-2006-5559)
Adobe Flash Player video file parsing integer overflow (CVE-2007-3456)
XMLDOM substringData() heap overflow (CVE-2007-2223)
Mozilla crashes with evidence of memory corruption (rv:1.8.1.5)
(CVE-2007-3734)
Opera JavaScript invalid pointer arbitrary code execution (CVE-2007-436)
Apple QuickTime MOV file JVTCompEncodeFrame heap overflow
(CVE-2007-2295)
Mozilla code execution via QuickTime Media-link files (CVE-2006-4965)
Mozilla crashes with evidence of memory corruption (rv:1.8.1.8) (
CVE-2007-533)
Mozilla memory corruption vulnerabilities (rv:1.8.1.10) (CVE-2007-5959)
Mozilla crashes with evidence of memory corruption (rv:1.8.1.12)
(CVE-2008-0412)
Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflows
()
Window location property cross-domain scripting (CVE-2008-2947)
Mozilla Firefox MathML integer overflow (CVE-2008-4061)
Internet Explorer XML nested SPAN elements memory corruption
(CVE-2008-4844)

Meb will no doubt respond to this post by frothing and spewing one
excuse after another why these tests should not be believed or taken as
evidence that Win-98 combined with old/legacy browsers are not
vulnerable to common exploitation.
 
M

MEB

This website:

Browser Security Test
http://bcheck.scanit.be/bcheck/

Allows users to subject their computer/browser to a selection of
synthetic exploits as follows:

- user selectable tests / exploits
- test only exploits known to affect the user's particular browser
- all tests for all known exploits

There are 19 tests in total. See below for a summary of them.

I ran these tests 3 times - once against each of the installed browsers
on my win-98se system.

I did not have any AV program or any form of browser-protection program
running on my test system.

-------------
Test results
-------------

Browser name: Firefox/2.0.0.12 Navigator
Version: 9.0.0.6
Platform: Windows 98
Congratulations! The test has found no vulnerabilities in your browser!

Browser name: Firefox
Version: 2.0.0.20
Platform: Windows 98
Congratulations! The test has found no vulnerabilities in your browser!

Browser name: MSIE
Version: 6.0
Platform: Windows 98
Congratulations! The test has found no vulnerabilities in your browser!

During the IE6 test, I was asked to download / run these two files:

crashy2.xul (a small script file)
path-neg.svg (another small script file)

The second file seems to be a very old IE5/IE6 exploit, as described
here:

http://www.greymagic.com/security/advisories/gm012-ie/

Neither of the above 2 files, when submitted to VirusTotal, are detected
as threats by any of the 42 AV apps hosted on that site.

Note the stats (% vulnerable browsers):

http://bcheck.scanit.be/bcheck/stats.php

------------------
Summary of tests
------------------

Windows animated cursor overflow (CVE-2007-0038) (This test may trigger
anti-virus warnings)
Mozilla crashes with evidence of memory corruption (CVE-2007-0777)
Internet Explorer bait & switch race condition (CVE-2007-3091)
Mozilla crashes with evidence of memory corruption (CVE-2007-2867)
Internet Explorer createTextRange arbitrary code execution
(CVE-2006-1359)
Windows MDAC ADODB ActiveX control invalid length (CVE-2006-5559)
Adobe Flash Player video file parsing integer overflow (CVE-2007-3456)
XMLDOM substringData() heap overflow (CVE-2007-2223)
Mozilla crashes with evidence of memory corruption (rv:1.8.1.5)
(CVE-2007-3734)
Opera JavaScript invalid pointer arbitrary code execution (CVE-2007-436)
Apple QuickTime MOV file JVTCompEncodeFrame heap overflow
(CVE-2007-2295)
Mozilla code execution via QuickTime Media-link files (CVE-2006-4965)
Mozilla crashes with evidence of memory corruption (rv:1.8.1.8) (
CVE-2007-533)
Mozilla memory corruption vulnerabilities (rv:1.8.1.10) (CVE-2007-5959)
Mozilla crashes with evidence of memory corruption (rv:1.8.1.12)
(CVE-2008-0412)
Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflows
()
Window location property cross-domain scripting (CVE-2008-2947)
Mozilla Firefox MathML integer overflow (CVE-2008-4061)
Internet Explorer XML nested SPAN elements memory corruption
(CVE-2008-4844)

Meb will no doubt respond to this post by frothing and spewing one
excuse after another why these tests should not be believed or taken as
evidence that Win-98 combined with old/legacy browsers are not
vulnerable to common exploitation.

Hey dimwit, the files aren't classed as nor found as malware, what
might that mean.... and of course you PERSONALLY CHECKED THOSE FILES
codings to see if they actually CHECKED anything didn't ya AND WERE NOT
malware injection stubs... okay we know you didn't, your not intelligent
enough to do so.

Were these supposedly Win9X classed, or were these... nothing... or
maybe NT only or,,, yeah let's all believe this dimwit.... smart enough
to download AND RUN some unknown files from a supposed testing site of
unknown character and unknown reliability, using just two files to test
all of the thousands of exploits and their variants.... using, gee,
maybe "proof of concept" code distributed for NT SYSTEMS.

Oh, and what happened to the KNOWN malware exploits that exist in Win9X
with IE6 [in the wild], where did they show, must have missed that group
of tests. And how about that XSS KNOWN vulnerability test for FireFox
2.0.0.20 [in the wild], and the specific tests for the vulnerabilities
in 9.0.0.6 [in the wild], did I miss those.

You are a moron.... and you did this with NO anti-malware protection,
yep yuz a brite bulb... make sure yuz tak dat computer ta work wit ya in
hook it to da buznis network....

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
 
H

Hot-text

NO anti-malware protection why would you do that for?
you need to always run a protection on your Computer 98 Guy ,,,,,
 
P

Peter Foldes

I think you forgot to add more newsgroups to you wonderful job in crossposting.
 
9

98 Guy

Top-Poaster Peter Foldes top-poasted:
I think you forgot to add more newsgroups to you wonderful job in
crossposting.

Thanks Peter. I know that you are in agreement with me that the
selection of groups that I posted to (win-98, win-me, and IE6) was a
very wise choice - given that this combination of OS's and browser is
arguably at the crux of what most people consider to be un-supported or
that the degree to which their compatibility with various browser
exploits is largely unknown given the focus on NT-based OS's such as XP
and above.

I know that you are in complete agreement with me (as you indicate) that
crossposting is completely normal and useful when subject matter is
applicable to several groups simultaneously.
 
9

98 Guy

webster72n said:
You are in a ME newsgroup, that's 'here'.
'98 is next door, comprente?

Apparently you don't understand the concept of cross-posting.

You win-me people shouldn't be so beligerent. I'm surprised you people
even exist. When are you going to come back to win-98?
 
W

webster72n

98 Guy said:
Apparently you don't understand the concept of cross-posting.

You win-me people shouldn't be so beligerent.

That describes you much better.
Here we are used to minding our own business.
Wish you would mind yours.
I'm surprised you people
even exist. When are you going to come back to win-98?

Don't hold your breath...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top