14 DAY TRIAL // New security tools for Firefox 2.0 and the Thunderbird 2.0 are coming, courtesy of Mozilla. Window Snyder, the Director of Ecosystem Development at Mozilla Corporation revealed that the tools have been used internally in the process of securing both the open source browser as well as the email client. However, Mozilla feels that it should be the only one having access to the security tools, and that is why it was decided for the products to be released as open source. On the second day of the Black Hat 2007 conference in Las Vegas, during the "Building and Breaking the Browser" session presented by Window Snyder together with Mike Shaver, co-founder, Mozilla Project, the new security tools will be introduced.
"Traditional software vendors have little interest in sharing the gory details of what is required to secure a large software project. Talking about security only draws a spotlight to what is generally considered a weakness. Mozilla is using openness and transparency to better secure its products and help other software projects do the same. Mozilla has built and collaborated on tools to secure the Firefox Web browser and Thunderbird e-mail client, the first of which will be released at Blackhat Las Vegas 2007. These tools include protocol fuzzers for HTTP and FTP and a fuzzer for Javascript, which together have led to the discovery and resolution of dozens of critical security bugs. These tools may be useful to anyone developing or testing applications that implement or depend on these technologies," Snyder revealed.
Fuzz testing is a security technique that involves feeding random data to a program in order to identify basic security holes. When the technique is automated via an application, a fuzzer is created. A fuzzer is essentially designed to bombard a program with input, and to highlight code flaws. "Window Snyder and Mike Shaver will introduce these tools at BlackHat Las Vegas 2007 and discuss methods used to identify vulnerabilities in Firefox; plans for expanding the scope of Mozilla's work on Web security, and how Mozilla's security community uses openness and transparency to protect 100 million users around the world. Learn how to apply Mozilla's tools and techniques to secure your own software, and get an early look at new security features for Firefox 3," reads a fragment of the "Building and Breaking the Browser" session's synopsis.