The Browser Security Test is finished. Please find the results below:
High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0
The Browser Security Test is finished. Please find the results below:
High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0
Mozilla Firefox 0.8
I don't think you need to disable your software firewall. The firewall allows traffic to and from the browser. I think the idea of this test is to check whether that traffic can be used to do damage.
The Browser Security Test is finished. Please find the results below:
High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0
High Risk Vulnerabilities 1
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0
High Risk Vulnerabilities
Microsoft Internet Explorer CHM File Processing Arbitrary Code Execution Vulnerability (bid9658)
Technical Details
CHM files are "Compiled HTML Help" files. This is a proprietary Microsoft format used for storing help files in Windows applications. CHM files can contain multiple HTML pages, tables of contents, indexes, etc.
When a CHM file is opened from a local disk, it is treated as trusted content, and the execution of scripts in CHM file is not restricted in any way. They can therefore start programs, write data to the disk, and so on.
When a user attempts to open a CHM file from a remote web site, normally Internet Explorer displays a dialog box asking what to do with the file. The dialog box includes a warning saying that the file can contain malicious content and allows the user to save the file without opening it.
This bug allows to bypass the warning from Internet Explorer and download and run a CHM file automatically. This is done by redirecting the IFRAME to a specially crafted URL like this: "URL:ms-its: mhtml: file://C:\ss.MHT!http://www.example.com//chm.chm::/files/launch.htm" Internet Explorer will download chm.chm file from the specified website and execute it without warning the user. The CHM file can contain scripts that will have complete access to the user's computer.
Recommendations
No patch is available for this problem yet. A possible workaround is to disable Active Scripting in Internet Explorer "Local Computer" zone.
Follow these steps to disable Active Scripting in "Local Computer" zone. Warning: This procedure requires editing the registry. If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system.
Start Registry Editor (Click "Start" button, choose "Run", type "regedit" and click OK).
Locate the following key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\CurrentVersion\Internet Settings\Security_HKLM_only and set it to the value of 1
Locate the following key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\Zones\0\1400 and set it to the value of 3
Restart Internet Explorer
[EDIT]
The fix described above from the website doesn't work because the registry key doesn't exist. I figured out how to fix it though described below.
1. Open IE
2. Go to internet options
3. Go to security tab
4. Highlight "local internet"
5. Select the custom level button
6. Scroll down to scripting\active scripting and select "prompt"
Done!
The Browser Security Test is finished. Please find the results below:
High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0
Browser name: Mozilla
Version: 1.6
Platform: Windows
Can someone hack into your computer via your browser? How vulnerable you are?
Browser Security Test Results
Dear Customer,
The Browser Security Test is finished. Please find the results below:
High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0
New bugs keep coming! Sign up for announcements of new tests.
Questions about the test? Read the FAQ.
Still having questions? Send us your feedback.
Want to know how everyone else is doing on Browser Test? Check our statistics.