Jan 3, 2011 11:54 GMT

A Google security researcher has publicly released a fuzzing tool of his own making that has so far helped uncover nearly a hundred bugs across all major browsers.

Fuzzing is a software testing technique that involves feeding malformed input to an interpreter or parser in order to trigger crashes.

Many of these crashes stem from stability problems and amount to nothing more than simple denial-of-service conditions.

In other cases, however, they can reveal far more serious memory-corruption issues that could be exploited to execute arbitrary code on the underlying system.

The new cross_fuzz tool, released by renowned Google security engineer Michal Zalewski, tests the Document Object Model (DOM) bindings in browsers.

"The fuzzer owes some of its efficiency to dynamically generating extremely long-winding sequences of DOM operations across multiple documents, inspecting returned objects, recursing into them, and creating circular node references that stress-test garbage collection algorithms," the researcher explains.

Using cross_fuzz, Zalewski has so far found several unresolved exploitable crashes in Internet Explorer, including one that may already be known to third parties.

The highest number of bugs was identified in Firefox: ten by the researcher himself and another 50 after the tool's fuzzing methods were integrated into a testing platform already used by Mozilla.

The Firefox issues have largely been addressed, but some more obscure, hard-to-analyze crashes still occur.

About two dozen bugs were identified and fixed in Apple's WebKit layout engine, although several memory corruption issues that are harder to pinpoint remain open.

A few Opera crashes have also been fixed in the recently released Opera 11, including a high-severity one that has yet to be detailed.

Cross_fuzz was released publicly so that the remaining crashes can be identified and analyzed with help from the community and from quality assurance personnel working for the browser vendors.

"[...] In the current versions of all the affected browsers, we are still seeing a collection of elusive problems when running the tool - and some not-so-elusive ones. I believe that at this point, a broader community involvement may be instrumental to tracking down and resolving these bugs," Zalewski concludes.