A security researcher has released a new tool that he says can effectively find browser vulnerabilities that are often difficult to identify and is warning that at least one
Using cross_fuzz, Polish security researcher Michal Zalewski, a member of Google's vulnerability research team, said he has discovered about 100 vulnerabilities in popular browsers, including Internet Explorer, Firefox and Opera. He said he released the tool so other security experts can improve its effectiveness and get software makers to correct the errors, some of which have remained unresolved since they were discovered in July.
Zalewski said a new zero-day vulnerability in Internet Explorer that could "trigger several exploitable crashes" was identified in July. He said the details of the IE zero-day flaw may have been accidentally indexed by Google.
"I have confirmed that following this accident, no other unexpected parties discovered or downloaded the tool," Zalewski wrote in a blog post on the incident, adding that he traced a search query to an IP address in China, which also indexed the cross_fuzz files containing the zero-day vulnerability .
Microsoft has reportedly responded that it is investigating the issue and that no attacks targeting the flaw have been detected.
So far the tool has identified more than 50 vulnerabilities in Firefox, many of which have been addressed by Mozilla. Vulnerabilities were also identified in all WebKit browsers. Most of the flaws have been patched, Zalewski said, but some difficult-to-patch memory corruption errors remain. Several flaws, including a highly critical error, were identified in the Opera browser, several of which have not been resolved, Zalewski said.
The new cross_fuzz tool is a document object model (DOM) binding fuzzer, which analyzes how the browser interacts with objects and other elements when rendering webpages. In a blog posting and a message on the Full Disclosure mailing list, Zalewski asked researchers to help work out ongoing performance issues with the new tool.