JavaScript fuzzer available
2 August 2007Mike Shaver and I just finished presenting “Building and Breaking the Browser”at Blackhat today in Las Vegas. We discussed the methods and tools that Mozilla uses to secure the Firefox browser. These tools include a fuzzer for Javascript, which has led to the discovery and resolution of dozens of critical security bugs. Fuzzers are tools that generate a large amount of input in order to test the robustness of a piece of software and can be used to identify potential vulnerabilities.
This is the tool we discussed in our presentation, the first in a series of security tools that we intend to make publicly available.
https://bugzilla.mozilla.org/show_bug.cgi?id=jsfunfuzz
The responsible sharing of security tools is an important way to contribute to the overall health of the web. We worked with Microsoft, Apple, and Opera to reduce the possibility that this tool might adversely affect users of those browsers. All of these browser vendors reviewed the tool and let us know that they were okay with the release.
13 Responses to “JavaScript fuzzer available”
August 2nd, 2007 at 2:50 pm
[...] Contact the Webmaster Link to Article firefox Permanent Link to JavaScript fuzzer available » Posted at Mozilla Security [...]
August 2nd, 2007 at 11:18 pm
[...] wrote a fuzzer called jsfunfuzz for testing the JavaScript engine in Firefox. Window, Shaver, and I announced it at Black Hat earlier today, as part of Mozilla’s presentation, “Building and Breaking the [...]
August 3rd, 2007 at 11:26 am
[...] The great news is that Mozilla isn’t the only one benefiting from it! Opera posted version 9.23 Beta today that fixes four bugs that caused crashes, and one that could have compromised the security of the browser. All five of those problems were found using the jsfunfuzz tool that Mozilla announced and released to the public. [...]
August 3rd, 2007 at 1:57 pm
[...] en un anuncio oficial en el blog de seguridad han anunciado que esta herramienta está disponible libre descarga… ¿un arma de doble [...]
August 3rd, 2007 at 4:47 pm
[...] Read the whole story here. [...]
August 5th, 2007 at 8:22 am
[...] momento, a Mozilla já liberou um fuzzer de Javascript. Esta e todas as outras publicações da Mozilla relacionadas à segurança podem ser encontradas [...]
August 6th, 2007 at 1:17 pm
[...] JavaScript fuzzer available [...]
August 6th, 2007 at 3:04 pm
[...] JavaScript fuzzer Claudio Santambrogio at Opera posted that they have been running the Mozilla JavaScript fuzzer and as of Friday have found and fixed 4 issues with it. I am thrilled. This is exactly what we [...]
August 9th, 2007 at 3:34 am
[...] mientras sigue en desarrollo su nueva versión 3.0, la cual salio la nueva Alpha 7. Luego Mozilla lo puso a disposición para que sea probado en otros navegadores, Opera lo probo y comprobó 4 errores en su motor [...]
August 9th, 2007 at 5:42 pm
谢谢
August 15th, 2007 at 7:51 am
[...] to the Mozilla team for kindly providing this tool Opera. This is the kind of collaboration I love seeing – making the Web more secure for [...]
August 15th, 2007 at 8:01 am
[...] is the first in a series of security tools that will be released by the open-source [...]
August 18th, 2007 at 7:38 am
[...] oni stworzyli narzędzie, dzięki któremu błąd został odnaleziony - fuzzer Java Script o nazwie JSFuzzer. Narzędzie to zastało udostępnione na zasadach open-source w czasie konferencji Black Hat w San [...]