NoOp wrote:
On 12/15/2008 08:34 PM, Barry Edwin Gilmour wrote:
  
NoOp wrote:
    
On 12/15/2008 02:58 PM, NoOp wrote:
   
      
On 12/13/2008 08:34 PM, Justin Wood (Callek) wrote:

     
        
Of note to everyone here is that Mozilla (SeaMonkey, Firefox etc.)
report EVERY security bug once fixed and what it was. Some companies
like IE, Apple, and possibly even Google (for chrome -- no data), if a
security bug is only ever found and reported internally, they won't make
it even known that it _ever_ existed. Where we do and fix it anyway. It
is a very open community, therefore the potential for others to
accurately gauge what bugs are fixed on our side is high, whereas on
Microsoft or Apple's side is relatively low.

       
          
Agree.

Along these lines, this might be of interest to try with SeaMonkey...

http://www.info-svc.com/news/2008/12-12/
[Google Chrome Receives Lowest Password Security Score]
   http://www.info-svc.com/news/2008/12-12/pm-evaluator/
[Password Manager Evaluator v2.0]

If I get some time later I'll try it with SM 1.1.14 and 2.0a3pre to see
what the results are.

     
        
1.1.14:
Report
Test Performed	Result
Action Authority Checked on Retrieval	FAILED
Action Authority Checked on Save 	FAILED
Action Authority Raises Warnings 	FAILED
Action Path Checked on Retrieval 	FAILED
Action Path Checked on Save 	FAILED
Action Scheme Checked on Retrieval 	FAILED
Action Scheme Checked on Save 	FAILED
Action Scheme Raises Warnings 	FAILED
Action Scheme Prevented if Unsafe 	FAILED
Autocomplete=Off Prevents Form Fills 	FAILED
Invisiblility Prevents Form Fills 	PASSED
Method Checked on Retrieval 	FAILED
Method Raises Warnings 	FAILED
Multiple Paths Per User Per Authority	FAILED
Multiple Ports Per User Per Host 	FAILED
Multi. Schemes Per User Per Authority	FAILED
Page Path Checked on Retrieval 	FAILED
Random Name Attr. Prevents Form Fills	PASSED
User Required for PW Retrieval 	FAILED
User Required for PW Save 	FAILED
Valid URIs Don't Break Anything 	PASSED

I reckon I'll run the test again to make sure that I did everything
correct.
   
      
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1b3pre) Gecko/20081215 
Lightning/1.0pre SeaMonkey/2.0a3pre ID:20081215000501
Report
Action Authority Checked on Retrieval    FAILED
Action Authority Checked on Save     FAILED
Action Authority Raises Warnings     FAILED
Action Path Checked on Retrieval     FAILED
Action Path Checked on Save     FAILED
Action Scheme Checked on Retrieval     FAILED
Action Scheme Checked on Save     FAILED
Action Scheme Raises Warnings     FAILED
Action Scheme Prevented if Unsafe     PASSED
Autocomplete=Off Prevents Form Fills     FAILED
Invisiblility Prevents Form Fills     PASSED
Method Checked on Retrieval     FAILED
Method Raises Warnings     FAILED
Multiple Paths Per User Per Authority    FAILED
Multiple Ports Per User Per Host     FAILED
Multi. Schemes Per User Per Authority    FAILED
Page Path Checked on Retrieval     FAILED
Random Name Attr. Prevents Form Fills    PASSED
User Required for PW Retrieval     FAILED
User Required for PW Save     FAILED
Valid URIs Don't Break Anything     PASSED

    

Hmmm... Perhaps one of the developers can run as well & see if: 1) they
get the same results (I got the same as you with 2.0a3pre), and 2) if
perhaps they can comment on the test. Perhaps if the test is flawed they
can contact the info-svc.com folks to modify the tests accordingly?

  
The tests do highlight each browsers security-methods:-

http://us.f13.yahoofs.com/bc/486c50ed_117b7/bc/Miscellaneous/passwd-evaluator.html?bffgDSJBHy5VqBbo


_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Reply via email to