Security Researcher Finds Hundreds of Browser Bugs
An anonymous reader writes "PC Magazine reports on a very understated late night post to the full-disclosure mailing list, in which security researcher Michal Zalewski shared a fuzzing tool reportedly capable of identifying over a hundred browser bugs. Some of these bugs, he says, may be already known to third parties in China. The report also includes an account of how browser vendors fared fixing these flaws so far. Not surprisingly, Microsoft's response timeline appears depressing."
Re:Pass the salt please (Score:3, Interesting)
Hard to get reproducible results (Score:2, Interesting)
FTFA: The design of the fuzzer makes it unexpectedly difficult to get clean, deterministic repros; to that effect, in the current versions of all the affected browsers, we are still seeing a collection of elusive problems when running the tool - and some not-so-elusive ones.
This might help explain at least part of the difficult communication with Microsoft.
Re:Terrific Research, But... (Score:5, Interesting)
Momentum. A browser in operation tends to stay in operation unless acted upon by an outside IT consultant.
Re:Hard to get reproducible results (Score:4, Interesting)
This might help explain at least part of the difficult communication with Microsoft.
But not Mozilla, the Webkit team and Opera?