Opera uses Mozilla fuzzer to find, fix severe browser flaw

Summary: Using a JavaScript fuzzer released by Mozilla at Black Hat, Opera's security team has found and fixed a "highly severe" browser flaw that could be used in code execution attacks.

How's this for cross-browser cooperation?

Using a JavaScript fuzzer released by Mozilla at Black Hat, Opera's security team has found and fixed a "highly severe" browser flaw that could be used in code execution attacks.

The problem:

A virtual function call on an invalid pointer that may reference data crafted by the attacker can be used to execute arbitrary code.

The flaw was found with jsfunfuzz, a JavaScript compiler/decompiler fuzzer built by Jesse Ruderman and released earlier this month by Mozilla security chief Window Snyder.

It is the first in a series of security tools that will be released by the open-source group.

Snyder said all the major browser vendors -- Opera and Microsoft -- were given the fuzzer ahead of time and they were all comfortable with the idea of making it available to the public.

Talkback

6 comments
  • How nice of Mozilla.

    They could have just released it to the public, but I guess responsible disclosure still has its place.
    Scrat
    • why don't ya complain some more?

      and eventually Opera and IE can fix these things on their own. I guess giving it to the vendors of other browsers isn't good enough for you, everyone should have it because everyone is making their own browser nowadays.
      Monkey_MCSE
      • Huh?

        Who peed in your cornflakes? He COMPLIMENTED Mozilla. Have another cuppa coffee and re-read his post.
        Jambalaya Breath
  • Fuzzer?

    Typical "we know it all and you don't" article.

    What is a FUZZER? And for that matter, what is a FUZZZER?

    Isn't it your job to inform the public?
    plainstreet@...
    • Here's a link to

      Wikipedia's article on Fuzz testing, which explains the term: http://en.wikipedia.org/wiki/Fuzzer.

      And yes, I agree with you that Ryan should have provided a brief explanation within his article....

      Henri
      mhenriday
      • OTOH

        Google is STILL your friend.
        Jambalaya Breath