JavaScript fuzzer available

08.02.07 - 12:20pm

Mike Shaver and I just finished presenting “Building and Breaking the Browser”at Blackhat today in Las Vegas. We discussed the methods and tools that Mozilla uses to secure the Firefox browser. These tools include a fuzzer for Javascript, which has led to the discovery and resolution of dozens of critical security bugs. Fuzzers are tools that generate a large amount of input in order to test the robustness of a piece of software and can be used to identify potential vulnerabilities.

This is the tool we discussed in our presentation, the first in a series of security tools that we intend to make publicly available.

https://bugzilla.mozilla.org/show_bug.cgi?id=jsfunfuzz

The responsible sharing of security tools is an important way to contribute to the overall health of the web. We worked with Microsoft, Apple, and Opera to reduce the possibility that this tool might adversely affect users of those browsers. All of these browser vendors reviewed the tool and let us know that they were okay with the release.

Category: Announcements, Conferences, Security |

Off to Black Hat! Mike Shaver, ten days, and expletives

The Buzz {12 trackbacks/pingbacks}

  1. Pingback: University Update - Firefox - Permanent Link to JavaScript fuzzer available on August 2, 2007
  2. Pingback: Introducing jsfunfuzz · Get Latest Mozilla Firefox Browsers on August 2, 2007
  3. Pingback: Both Opera and Firefox Benefit from Mozilla’s jsfunfuzz - CyberNet News on August 3, 2007
  4. Pingback: Fuzzer: La herramienta de Mozilla para detectar Bugs… listo para decarga : on August 3, 2007
  5. Pingback: Mozilla Releases a (Hot) Fuzzer « Software Battle! on August 3, 2007
  6. Pingback: Security Hub » Blog Archive » Mozilla liberando para o público os seus fuzzers on August 5, 2007
  7. Pingback: Mozilla Security Blog » Blog Archives » Feedback from Opera on Mozilla JavaScript fuzzer on August 6, 2007
  8. Pingback: Feedback from Opera on Mozilla JavaScript fuzzer · Get Latest Mozilla Firefox Browsers on August 6, 2007
  9. Pingback: Testear bugs javascript en navegadores, resultados en Opera y Firefox « Dígito Binario - Tecnología Informática on August 9, 2007
  10. Pingback: Opera 9.23 update; fixes crash bugs found using Mozilla’s fuzzer tool on August 15, 2007
  11. Pingback: » Opera uses Mozilla fuzzer to find, fix severe browser flaw | Ryan Naraine’s Zero Day | ZDNet.com on August 15, 2007
  12. Pingback: aero Blog » Blog Archive » Opera załatana dzięki Mozzilli on August 18, 2007

The Conversation {1 comments}

  1. 小麦 {Thursday August 9, 2007 @ 5:42 pm}

    谢谢

Speak Your Peace

  • Comment Policy:Could go here if there's a nagging need Login Instructions: Would go here if there's a desire.