In association with heise online

07 August 2007, 13:43

Mozilla Foundation releases browser fuzzing tool

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Mozilla Foundation has released three tools that enable developers and users to test their browsers for vulnerabilities that can be exploited while browsing. They are specifically aimed at assisting those users who regularly download and test the nightly builds - the latest (possible unstable) development versions - in searching for bugs. The Mozilla Foundation is hoping to achieve a better level of security for their browser through feedback from the Mozilla community. The tools were originally conceived for Firefox and Mozilla only. However the developer, Jesse Rudermann, also wants to make them available to other browser producers.

The jsparsefuzz.js fuzzing tool attempts to crash the browser by generating buggy JavaScript code. This should allow potential security vulnerabilities to be detected at an early stage. A script, multi_timed_run.py, is used to control the fuzzing tool, allowing users to perform multiple runs unattended. Access to the jsfunfuzz.js fuzzing tool, described by Rudermann in Bugzilla, is, however, currently restricted to members of the security team. Rudermann also plans to provide the tool to other browser producers.

The concept of testing browsers for vulnerabilities using fuzzing tools is not new. Back in late 2004, Michal Zalewski released a tool to generate defective HTML pages, using which he discovered a number of buffer overflows in various browsers.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-733406
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit