Vulnerability researcher HD Moore pledges to post a browser bug every day this month to enlighten software makers and security managers to the threats posed by data fuzzing tools.
Moore, the founder of the Metasploit Project, has experimented with browser fuzzing for several months. A fuzzer, or fuzzing tool, systematically changes the data sent to an application--in this case, a browser--to see whether the software correctly handles corrupted input. Moore's experiments found dozens, if not hundreds, of security flaws in the most common browsers.
After notifying browser makers of many of the issues and warning developers to run the three different fuzzing tools he tested, Moore has decided to release a security flaw every day to raise awareness.
"This information is being published to create awareness about the types of bugs that plague modern browsers and to demonstrate the techniques I used to discover them," he said in a post to his blog.
As of Thursday, Moore has released descriptions of six security flaws: four in Microsoft's Internet Explorer browser, one in the open-source Firefox browser, and one in Apple's Safari browser.
Posted by: Robert Lemos