
Browser security test


CeeCee


I guess I don't understand it. It says I have 1 medium risk vulnerability "Mozilla XMLSerializer Same Origin Policy Violation Vulnerability (bid5766)" and recommends I should upgrade to Mozilla 1.0.2 or later. The only Mozilla app I'm using is Firefox 2.0.0.5 so I don't know what I'm supposed to do.


That was posted a while back I think. Never used to work for me on Firefox but works now. Not sure how much use it is though - FF passes, IE passes, I even fired up the sodding awful AOL browser and that passed :blink:


Since their latest security news is from 2005 I consider this a bit out of date.....

Actually I tried this back then as well, let's see how I go this time.

Same as last time 1 risk:

Medium Risk Vulnerabilities

Mozilla XMLSerializer Same Origin Policy Violation Vulnerability (bid5766)

Description

This bug can allow a malicious web site to access your data on other web sites. For example it can be used to read your mail from a web mail system.

Mozilla is an open source browser. From Netscape 6 onwards, Mozilla's source code has been used to create Netscape browser. As a result, Netscape suffers from many of the same vulnerabilities as Mozilla.

Other browsers, such as Galeon, Phoenix, Camino (Chimera) also use Mozilla's source code and can be vulnerable too.

Technical Details

XMLSerializer object can be created by JavaScript code and used to serialize XML (or HTML) documents. serializeToStream method does not enforce same origin policy.

It is possible to open a document in a different domain and then use serializeToStream method to get the contents of the document.

Recommendations

  • Netscape users need to upgrade to Netscape 7.01 or later to fix this vulnerability.
  • Mozilla users need to upgrade to version 1.0.2 or later
  • Galeon users - upgrade your Mozilla installation to version 1.0.2 or later and upgrade to Galeon version that supports it (1.2.6 or later)
  • Phoenix users - upgrade to Phoenix 0.5 or later
  • Camino (Chimera) users - upgrade to version 0.7

Additional Information

fireryone
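
The same-origin check that the quoted report says serializeToStream was missing, as an added example that is not part of the original posts and is not Mozilla's code. It models documents as plain objects; originOf, sameOrigin, guardedSerialize, readableBy and the .test URLs are hypothetical names and constructed sample data.

```javascript
// Added illustration; originOf, sameOrigin, guardedSerialize and readableBy
// are hypothetical names, not browser or Mozilla APIs.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to its origin tuple: scheme, host and (explicit or default) port.
function originOf(url) {
  const u = new URL(url);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return `${u.protocol}//${u.hostname}:${port}`;
}

// Fail closed: a URL that does not parse never matches any origin.
function sameOrigin(a, b) {
  try {
    return originOf(a) === originOf(b);
  } catch {
    return false;
  }
}

// Serialize a toy document only when the calling page shares its origin.
function guardedSerialize(callerUrl, doc) {
  if (!sameOrigin(callerUrl, doc.url)) {
    throw new Error(`cross-origin serialize blocked for ${doc.url}`);
  }
  return doc.markup;
}

// Constructed sample documents, standing in for windows a page has opened.
const SAMPLE_DOCS = [
  { url: "http://site.test/page", markup: "<p>own page</p>" },
  { url: "http://site.test:80/other", markup: "<p>same origin, explicit port</p>" },
  { url: "http://webmail.test/inbox", markup: "<p>private mail</p>" },
  { url: "https://site.test/page", markup: "<p>different scheme</p>" },
  { url: "http://site.test:8080/admin", markup: "<p>different port</p>" },
];

// Return the URLs of the documents that callerUrl is allowed to serialize.
function readableBy(callerUrl, docs) {
  return docs.filter((d) => sameOrigin(callerUrl, d.url)).map((d) => d.url);
}

console.log(readableBy("http://site.test/index.html", SAMPLE_DOCS));
```

Only the two documents on the caller's own scheme, host and port are readable; the webmail page, the https page and the port 8080 page are refused.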
