On-line Browser vulnerabilty-test website: Windows 98 / IE6 / FF2.20 /Netscape 9 (pass 100%)

This website:

Browser Security Test
http://bcheck.scanit.be/bcheck/

Allows users to subject their computer/browser to a selection of
synthetic exploits as follows:

- user selectable tests / exploits
- test only exploits known to affect the user's particular browser
- all tests for all known exploits

There are 19 tests in total. See below for a summary of them.

I ran these tests 3 times - once against each of the installed browsers
on my win-98se system.

I did not have any AV program or any form of browser-protection program
running on my test system.

-------------
Test results
-------------

Browser name: Firefox/2.0.0.12 Navigator
Version: 9.0.0.6
Platform: Windows 98
Congratulations! The test has found no vulnerabilities in your browser!

Browser name: Firefox
Version: 2.0.0.20
Platform: Windows 98
Congratulations! The test has found no vulnerabilities in your browser!

Browser name: MSIE
Version: 6.0
Platform: Windows 98
Congratulations! The test has found no vulnerabilities in your browser!

During the IE6 test, I was asked to download / run these two files:

crashy2.xul (a small script file)
path-neg.svg (another small script file)

The second file seems to be a very old IE5/IE6 exploit, as described
he

http://www.greymagic.com/security/advisories/gm012-ie/

Neither of the above 2 files, when submitted to VirusTotal, are detected
as threats by any of the 42 AV apps hosted on that site.

Note the stats (% vulnerable browsers):

http://bcheck.scanit.be/bcheck/stats.php

------------------
Summary of tests
------------------

Windows animated cursor overflow (CVE-2007-0038) (This test may trigger
anti-virus warnings)
Mozilla crashes with evidence of memory corruption (CVE-2007-0777)
Internet Explorer bait & switch race condition (CVE-2007-3091)
Mozilla crashes with evidence of memory corruption (CVE-2007-2867)
Internet Explorer createTextRange arbitrary code execution
(CVE-2006-1359)
Windows MDAC ADODB ActiveX control invalid length (CVE-2006-5559)
Adobe Flash Player video file parsing integer overflow (CVE-2007-3456)
XMLDOM substringData() heap overflow (CVE-2007-2223)
Mozilla crashes with evidence of memory corruption (rv:1.8.1.5)
(CVE-2007-3734)
Opera JavaScript invalid pointer arbitrary code execution (CVE-2007-436)
Apple QuickTime MOV file JVTCompEncodeFrame heap overflow
(CVE-2007-2295)
Mozilla code execution via QuickTime Media-link files (CVE-2006-4965)
Mozilla crashes with evidence of memory corruption (rv:1.8.1.8) (
CVE-2007-533)
Mozilla memory corruption vulnerabilities (rv:1.8.1.10) (CVE-2007-5959)
Mozilla crashes with evidence of memory corruption (rv:1.8.1.12)
(CVE-2008-0412)
Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflows
()
Window location property cross-domain scripting (CVE-2008-2947)
Mozilla Firefox MathML integer overflow (CVE-2008-4061)
Internet Explorer XML nested SPAN elements memory corruption
(CVE-2008-4844)

Meb will no doubt respond to this post by frothing and spewing one
excuse after another why these tests should not be believed or taken as
evidence that Win-98 combined with old/legacy browsers are not
vulnerable to common exploitation.