Researcher releases browser security tool

A security researcher who created a tool to find bugs in major browsers has released it to the public, while warning of an unpatched vulnerability in Internet Explorer.

A security researcher who created a tool to find bugs in major browsers has released it to the public, while warning of an unpatched vulnerability in Internet Explorer.

Michal Zalewski, a Google security researcher based in Poland, announced in a blog post on Saturday that he was releasing a tool called 'cross_fuzz' and said its distribution was a priority because at least one of the vulnerabilities discovered by the tool appears to be known to a mysterious third party.

"I have reasons to believe that the evidently exploitable vulnerability discoverable by cross_fuzz, and outlined in msie_crash.txt, is *independently* known to third parties in China," Zalewski wrote in a separate post.

For more on this story, read Researcher reports apparent China interest in IE hole on CNET News.