Browser Security

Discussion in 'Software' started by Adrynalyne, Aug 1, 2004.

  1. Adrynalyne

    Adrynalyne Guest

    http://bcheck.scanit.be/bcheck/sid-f1fc38e2e6252ba0550a6d85a1de0ecb/

    I've tested the latest version of K-meleon, Firefox, Opera, and IE 6 SP2.

    IE6 failed for me.

    When you run this, make sure you turn off all popup stoppers.

    Enabling the pop blocker allowed IE to pass the test, but IMO, that's a joke.

    IE6sp1 shows the same vulnerability.
     
  2. Adrynalyne

    Adrynalyne Guest

    Technical Details
    "This cross-domain scripting vulnerability allows executing JavaScript code
    in the context of any domain. Combined with other Internet Explorer
    vulnerabilities it allows executing code in Local Computer security zone,
    leading to installation and execution of arbitrary programs.
    First a malicious page creates an IFRAME pointing that redirects to a page
    in the target domain (or Local Computer zone). Then a modal dialog is
    created and the reference to the IFRAME is passed to the dialog in
    dialogArguments parameter of showModalDialog function.
    The modal dialog caches the reference to the IFRAME and waits until IFRAME's
    domain changes due to the redirect. Then the dialog page closes itself and
    returns the cached reference.
    The original page receives the window reference from the modal dialog and
    changes the location of this window to a javascript: URL. The JavaScript
    code gets executed in the context of the domain to which the IFRAME was
    redirected.

    Recommendations
    There is no patch currently available to fix this problem. Updating your
    antivirus software with latest signatures can limit the consequences of a
    successful exploit."
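
The three steps in the advisory quoted above (an IFRAME, a showModalDialog call that receives a reference through dialogArguments, and a window location set to a javascript: URL) can be looked for together when reviewing saved page source. This is an added example, not part of the original thread or the advisory; the indicator names, regexes and sample fragments are constructed assumptions, and it is a triage heuristic that sees only the parent page, not the redirect or the dialog page.

```javascript
// Static triage heuristic: flag page source only when all three
// advisory steps co-occur. Any single indicator is common in benign pages.
const INDICATORS = {
  // Step 1: the page embeds a frame (the redirect happens server-side
  // and is not visible in the parent page's source).
  iframe: /<iframe\b|createElement\(\s*['"]iframe['"]\s*\)/i,
  // Step 2: showModalDialog is called with a second argument,
  // which the dialog page receives as dialogArguments.
  modalWithArgs: /\bshowModalDialog\s*\(\s*[^,()]+,\s*[^)\s][^)]*\)/i,
  // Step 3: a window or frame location is assigned a javascript: URL.
  jsUrlNavigation: /\.location(?:\.href)?\s*=\s*['"]\s*javascript:/i,
};

function scanPage(source) {
  const names = Object.keys(INDICATORS);
  const hits = names.filter((name) => INDICATORS[name].test(source));
  return { hits, suspicious: hits.length === names.length };
}

// Constructed sample fragments (not working pages).
const SAMPLES = {
  allThree: [
    '<iframe id="fr" src="/redirect"></iframe>',
    '<script>',
    'var ref = showModalDialog("dialog.html", document.frames["fr"]);',
    'ref.location = "javascript:void(0)";',
    '</script>',
  ].join('\n'),
  // A legitimate modal dialog use: one indicator only.
  datePicker: '<script>var d = showModalDialog("calendar.html", null);</script>',
  // A frame plus a javascript: link, but no location assignment.
  bookmarkletLink: '<iframe src="ad.html"></iframe><a href="javascript:void(0)">x</a>',
};

// Scan every sample and return the results keyed by sample name.
function report() {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([name, src]) => [name, scanPage(src)])
  );
}

console.log(JSON.stringify(report(), null, 2));
```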
     
  3. billH

    billH Master Sergeant

    Opera seems to do okay.
    The Browser Security Test is finished. Please find the results below:
    High Risk Vulnerabilities 0
    Medium Risk Vulnerabilities 0
    Low Risk Vulnerabilities 0
     
  4. Adrynalyne

    Adrynalyne Guest

    Yeah, Opera was OK for me too. Just not IE.
     
  5. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    My IE must be safe, it locked up somewhere around the QuickTime plugins ;)
     
  6. Adrynalyne

    Adrynalyne Guest

    LOL, that works too :D :D
     
  7. da chicken

    da chicken MajorGeek

    It's not a bug, it's a feature!

    I'm trying IE with Bug Off v1.0 on, and the test dies on test 20/20.
     
