Opera Uses Mozilla Fuzzer Tool To Find 'Highly Severe' Bug

During the recent Black Hat security conference, the Mozilla Foundation publically released an open-source application security testing tool. Security fuzzers are software tools that test an application for problems like buffer overflows, format string vulnerabilities and error handling. Mozilla worked with Microsoft, Apple, and Opera before making their JavaScript fuzzer widely available in order to reduce the possibility that the tool might be used to expose vulnerabilities in the companies' browsers. Mozilla has been using it to detect and fix dozens of security bugs in Firefox, according to Window Snyder, head of Mozilla's product security.

The same security tool was used by Opera Software to find and patch what the company is calling a "highly severe" bug in its flagship browser. Opera noted in an advisory that the flaw could allow a hacker to execute code on the victim's machine. A virtual function call on an invalid pointer, which may reference data crafted by the attacker, can be used to execute arbitrary code. Opera Software released Opera V9.23 to fix the problem. The company publicly thanked Mozilla for providing them the JavaScript fuzzer.

News source: InformationWeek

Report a problem with article
Previous Story

EMusic Sells 150 Million Downloads

Next Story

Sony Claims PS3 Failure Rate of Less Than 1 Percent

14 Comments

Commenting is disabled on this article.

When is the "news" that Opera uses this tool more importan then they fixes importan security issues in Opera 9.23? Sometimes I feel the writers at Neowin is to Firefox/Mozilla focused.

Hehe, nothing... What the tool does seem to be to stress test the Javascript engine. I think it works by not intentionally looking for security problems and "reporting" them, but causing crashes that Mozilla and Opera can then analyze further. Often a crash can indicate a security problem like a buffer overflow.

What I find most depressing with these things is that you rarely hear Microsoft then picking up this tool and a few weeks after releasing an IE 7 update. MS has been silent as a mouse on this one so far. Does that mean IE is secure enough or they don't care? Have they even commented on it on a blog? They sometimes make themselves look like a closed source fortress in their own bubble of the world, and I hope they'd become more open about these things.

toadeater said,
At least Opera gives them credit, Microsoft would just copy it and claim they invented it.
:rolleyes:
Microsoft credits others who help responsibly identify and report flaws to them. I'm not sure where your comment comes from...

sigh, microsoft is not satan himself, mozilla is not god. They are just companies doing their thing and trying to earn enough money to keep their shareholders happy. They are not in jihad against eachother, just stop making silly comments like this, it's really getting old

XerXis said,
sigh, microsoft is not satan himself, mozilla is not god. They are just companies doing their thing and trying to earn enough money to keep their shareholders happy. They are not in jihad against eachother, just stop making silly comments like this, it's really getting old

Hold it there tiger! you can't just come in here with your commonsense and logic! its totally uncalled for - what next, people actually reading posts before posting stupid replies?

Anyway, I hope they fix up the bugs with Blogger/Opera because it is really annoying me; Firefox works like a treat, Opera seems to have 'issues' - to put it mildly.

I always think the companies get along a lot better than the users. The users create this browser war that nobody wins, it just goes on and on.

The App is open source, They used it to find a vunreablity in their browser and patch it before an exploit was created.

Good to mozilla for creating and releasing the tool
Good to opera for pro-actively working to secure their software

And especially good of opera for giving Mozilla credit where its due.


Its a good thing all round