Slashdot Mirror


Security Researcher Finds Hundreds of Browser Bugs

An anonymous reader writes "PC Magazine reports on a very understated late night post to the full-disclosure mailing list, in which security researcher Michael Zalewski shared a fuzzing tool reportedly capable of identifying over a hundred browser bugs. Some of these bugs, he says, may be already known to third parties in China. The report also includes an account of how browser vendors fared fixing these flaws so far. Not surprisingly, Microsoft's response timeline appears depressing."

1 of 145 comments

  1. Re:Pass the salt please by Barny · Score: 5, Informative

    And after much follow-up in late December, MS finally acknowledged that they were reproducible with the July version of the tool.

    Basically this guy gave them over six months to fix the bugs, they bullshitted around and fixed one or two faults, then on the eve of his release of the tool (when all other affected vendors had worked closely with him to fix all the faults) MS tried to state that it was only the latest version of his tool that caused the majority of the bugs. The author said if this was the case he would hold off on release, but after testing found MS to still have a good supply of bullshit left (the flaws showed up with the older tool, which MS eventually conceded) so he released it on the date he said, January.

    Once again MS not willing or just plain not wanting to work with a security expert and then said expert doesn't buy their crap and releases on the schedule set.

    --
    ...
    /me sighs