Slashdot Mirror


Security Researcher Finds Hundreds of Browser Bugs

An anonymous reader writes "PC Magazine reports on a very understated late night post to the full-disclosure mailing list, in which security researcher Michael Zalewski shared a fuzzing tool reportedly capable of identifying over a hundred browser bugs. Some of these bugs, he says, may be already known to third parties in China. The report also includes an account of how browser vendors fared fixing these flaws so far. Not surprisingly, Microsoft's response timeline appears depressing."

2 of 145 comments

  1. Re:Sandbox time? by fuzzyfuzzyfungus · Score: 4, Insightful

    That runs into the convenience problem: Downloading pictures, files, executables, etc. and printing stuff are ridiculously common use cases for browsers. So too is the old 'opening a link in some other program in a browser'. Thus, any sort of security mechanism that makes those more of a pain will run into user resistance. Any sort of security mechanism that initially blocks those and then introduces a bunch of workarounds (shared filesystem location between VM and computer, virtual printer in VM mapping to real spooler, some sort of local process that catches URLs and passes them into the sandbox, etc.) also raises the possibility of serious bugs in those workaround mechanisms...

    If browsers were exclusively used for reading web pages, securing them would be so much simpler...

  2. Re:Hard to get reproducible results by Rockoon · Score: 4, Insightful

    Just to be fucking honest...

    His tool only found a few bugs ("several") in Internet Explorer, found about two dozen in Webkit ("some" problems still unfixed), about 60 bugs in Mozilla ("several" still unfixed), and that for Opera some of the bugs aren't fixed ("several").

    So what we see here is that of the browsers, Internet Explorer didn't have nearly as many problems identifiable by his tool as the others to begin with, and that it still doesn't have more than the other browsers now even after all parties had 6 months.

    Could it be that all of the remaining bugs for all of the browsers require good reproducibility to address reasonably? Could it be that the person you replied to is correct, rather than that your "but not mozilla, webkit team and opera?" bullshit is just that, bullshit?

    --
    "His name was James Damore."