• About
• Security testing
• IT Governance
• Training
• Projects
• Advisories

Browser Security Test

We have created a web site that tests web browsers for security vulnerabilities. The site has been up and running since 2003. It is the only fully automatic browser security test available now checking for 40 different vulnerabilities in Microsoft Internet Explorer, Mozilla browsers and Opera.

We have published statistics on the browser test and browser vulnerabilities in general. We were mainly interested in remote code execution vulnerabilities allowing a web site to completely compromise a visitor's computer. It turned out that in 2004 Internet Explorer had one or more remote code execution vulnerabilities with no fix available for 98% of 2004. Mozilla had unpatched remote code execution vulnerabilities for 15% of 2004, Opera - for 17%.

Brian Krebs of Washington Post used our method to count the browser bugs in 2005. According to his calculations IE was unsafe for 70% of 2005, Mozilla - only 4%. In 2006, his results show that IE had unpatched critical vulnerabilities for 77% of the year, Mozilla - 2%.