blob: 51f2603bf4774b3db068a1b6fd2747a007c043ae (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
|
Mozilla recently announced at the Black Hat security conference in Las Vegas that it would [release a series of security tools][3], known as fuzzers, which have previously only been used internally, to the internet at large.
The move is designed to give outside hackers easier ways to test for security flaws in Firefox and other web browsers. Fuzzers are tools that poke, prod and sometimes outright attack a piece of software to test its robustness and identify potential vulnerabilities.
Mozilla has thus far released a [Javascript fuzzer][2] and already Claudio Santambrogio of Opera Software [reports][3] that, using the new tool, Opera was able to find four bugs "one of which might have some security implications."
For those concerned that these tools might be used in the wrong way by some, Mozilla says that it has worked with Microsoft, Apple, and Opera to make sure they were okay with the release. "All of these browser vendors reviewed the tool and let us know that they were okay with the release," says the Mozilla blog.
The truth is, the really nefarious crackers have their own fuzzers anyway and, as the Opera announcement testifies, these tools are far more likely to help end-users in the form of patches than cause problems.
[1]: http://blog.mozilla.com/security/2007/08/02/javascript-fuzzer-available/
[2]: https://bugzilla.mozilla.org/show_bug.cgi?id=jsfunfuzz
[3]: http://my.opera.com/desktopteam/blog/2007/08/03/fun-with-the-fuzzer
|
