Security of Firefox with NoScript installed...

Hi malware fighters,

Scanned my Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a1pre) Gecko/20090929 Minefield/3.7a1pre ID:20090929160423 with NoScript 1.9.9.11 against browser security check:
http://www.scanit.be/bcheck

* Passed  Mozilla crashes with evidence of memory corruption - passed
* Passed Mozilla crashes with evidence of memory corruption - passed
* Passed Adobe Flash Player video file parsing integer overflow - passed
* Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.5) - passed
* Passed Apple QuickTime MOV file JVTCompEncodeFrame heap overflow - passed
* Passed Mozilla code execution via QuickTime Media-link files - passed
* Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.8) - passed
* Passed Mozilla memory corruption vulnerabilities (rv:1.8.1.10) - passed
* Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.12) - passed
* Passed Mozilla Firefox MathML integer overflow - passed 

Congratulations! The test has found no vulnerabilities in your browser!

How is your browser performing,

polonus

IE8 :smiley:

Test results
• Mozilla crashes with evidence of memory corruption - passed
• Internet Explorer bait & switch race condition - passed
• Mozilla crashes with evidence of memory corruption - passed
• Internet Explorer createTextRange arbitrary code execution - passed
• Windows MDAC ADODB ActiveX control invalid length - passed
• Adobe Flash Player video file parsing integer overflow - passed
• XMLDOM substringData() heap overflow - passed
• Mozilla crashes with evidence of memory corruption (rv:1.8.1.5) - passed
• Opera JavaScript invalid pointer arbitrary code execution - passed
• Apple QuickTime MOV file JVTCompEncodeFrame heap overflow - passed
• Mozilla code execution via QuickTime Media-link files - passed
• Mozilla crashes with evidence of memory corruption (rv:1.8.1.8) - passed
• Mozilla memory corruption vulnerabilities (rv:1.8.1.10) - passed
• Mozilla crashes with evidence of memory corruption (rv:1.8.1.12) - passed
• Apple QuickTime ‘QTPlugin.ocx’ ActiveX Control Multiple Buffer Overflows - passed
• Window location property cross-domain scripting - passed
• Mozilla Firefox MathML integer overflow - passed
• Internet Explorer XML nested SPAN elements memory corruption - passed

Congratulations! The test has found no vulnerabilities in your browser!

edit Nevermind avast does detect it, as i tryed it in IE8 and it found it. The only reason it didnt on FF was because NoScript never allowed it run in the first place.

Hi DarkLegend,

That is why I have NoScript extension installed and I am an active member of Giorgio Maone’s NoScript webforum (under my nick “luntrus”). NoScript has not been circumvented by any exploit of the past, the present and the foreseeable future. Together with running your OS as normal user so malware vectors cannot get active inside your System32 or OS will give you excellent security against malware all sorts.
Remember that 93% of malcode is wittingly installed on an every-day-bases by the un-educated and ill-informed users or those who cannot bother to be interested in security,

polonus

my firefox did just fine
hi damian…still alive :wink:
click on pic to enlage ::slight_smile:

My Firefox passed all ten tests without NoScript or any other add-ons installed. Top that!

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3

Test results * Passed Mozilla crashes with evidence of memory corruption - passed * Passed Mozilla crashes with evidence of memory corruption - passed * Passed Adobe Flash Player video file parsing integer overflow - passed * Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.5) - passed * Passed Apple QuickTime MOV file JVTCompEncodeFrame heap overflow - passed * Passed Mozilla code execution via QuickTime Media-link files - passed * Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.8) - passed * Passed Mozilla memory corruption vulnerabilities (rv:1.8.1.10) - passed * Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.12) - passed * Passed Mozilla Firefox MathML integer overflow - passed

Congratulations! The test has found no vulnerabilities in your browser!

Avast came up with a virus warning around test 17.

Sign of “JS:XMLParse-A [Expl]” has been found in “http://bcheck.sanit.be/becheck/raw.php” file.

Does this mean I’m infected now? :open_mouth:

Test results

* Passed Mozilla crashes with evidence of memory corruption - passed
* Passed Internet Explorer bait & switch race condition - passed
* Passed Mozilla crashes with evidence of memory corruption - passed
* Passed Internet Explorer createTextRange arbitrary code execution - passed
* Passed Windows MDAC ADODB ActiveX control invalid length - passed
* Passed Adobe Flash Player video file parsing integer overflow - passed
* Passed XMLDOM substringData() heap overflow - passed
* Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.5) - passed
* Passed Opera JavaScript invalid pointer arbitrary code execution - passed
* Passed Apple QuickTime MOV file JVTCompEncodeFrame heap overflow - passed
* Passed Mozilla code execution via QuickTime Media-link files - passed
* Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.8) - passed
* Passed Mozilla memory corruption vulnerabilities (rv:1.8.1.10) - passed
* Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.12) - passed
* Passed Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflows - passed
* Passed Window location property cross-domain scripting - passed
* Passed Mozilla Firefox MathML integer overflow - passed
* Passed Internet Explorer XML nested SPAN elements memory corruption - passed 

Congratulations! The test has found no vulnerabilities in your browser!

IE8 with avast! V5 beta2

Threat detected

10/24/2009 7:32:45 PM	http://bcheck.scanit.be/bcheck/raw.php [L] JS:XMLParse-A [Expl] (0)

Firefox 2.0.0.20, a version which hasn’t received a security update for ten months, passed. This doesn’t seem to be a very good security tester.

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
Test results
* Passed Mozilla crashes with evidence of memory corruption - passed
* Passed Mozilla crashes with evidence of memory corruption - passed
* Passed Adobe Flash Player video file parsing integer overflow - passed
* Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.5) - passed
* Passed Apple QuickTime MOV file JVTCompEncodeFrame heap overflow - passed
* Passed Mozilla code execution via QuickTime Media-link files - passed
* Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.8) - passed
* Passed Mozilla memory corruption vulnerabilities (rv:1.8.1.10) - passed
* Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.12) - passed
* Passed Mozilla Firefox MathML integer overflow - passed
Congratulations! The test has found no vulnerabilities in your browser!

Well, no point posting the same as everyone else really,but that virus alert…

Quick Help
* Help! My anti-virus says there is a virus!
  Your anti-virus is doing its job. It detects the exploit we are attempting and warns you about it. The virus it detects is some malicious software that uses the same bug we test for. Apart from exploiting same browser bug the Browser Security Test and the virus have nothing in common. We are not installing any trojans or attempting to infect you with viruses.</blockquote>